
HiJackThis log help please


This topic is locked
18 replies to this topic

#1 n01paranoid

  • Members
  • 189 posts

Posted 30 April 2011 - 01:43 AM

I got infected with the Clean This virus the other week. I've scanned with MBAM, SAS, Emsisoft and Sophos Anti-Rootkit and removed all the nasties they found. Just wondered if there were still any other problems.

Here's my hijackthis log. If someone could have a look at it I'd really appreciate it. Thanks



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:04:09 PM, on 4/29/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O3 - Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_22\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_22\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262710541940
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD146B60-0C1D-4D08-9DDB-F7F258177245}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

PS: for the record, I switched to Avira antivirus and Comodo firewall after I got infected. At the time of infection I had Microsoft Security Essentials AV (very disappointed it missed the virus) and Windows Firewall.

EDIT: Posts merged ~Budapest

Edited by Budapest, 30 April 2011 - 03:10 PM.
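The log above is in the HijackThis v2 line format: a section code (R0, R1, O2, O3, O4, O17, O20, O23 ...), the literal " - ", and a section-specific body. A helper reading such a log looks first for the same handful of things: entries that still point at a file that no longer exists ("(no file)"), an Internet Explorer start page that was changed without the owner doing it, DNS servers that are not the ones the owner chose, anything in AppInit_DLLs, and services with no recognised owner. The script below is an added example written for this thread; it is not part of the forum post, and it is not code from Trend Micro or HijackThis. It parses a few lines copied from the log above, embedded as a constructed sample, and produces review items rather than verdicts. The expected DNS servers (OpenDNS, which the poster says he uses) and the expected start page set are assumptions the reviewer would adjust per machine.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread; not part of the forum post nor of the
HijackThis tool.  Parses "CODE - body" lines and applies the checks a
malware-removal helper normally makes by eye.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: eight lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll C:\Windows\system32\guard32.dll
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
"""

# Assumptions for this machine: the owner says he uses OpenDNS, and a blank
# start page is the only one treated as expected.  Anything else becomes a
# review item, not an automatic "malicious" verdict.
EXPECTED_NAMESERVERS = {"208.67.222.222", "208.67.220.220"}
EXPECTED_START_PAGES = {"about:blank"}

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")


@dataclass
class Entry:
    code: str   # section code such as R0, O2, O23
    body: str   # text after "CODE - "


@dataclass
class Finding:
    code: str
    reason: str
    detail: str


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per HijackThis item line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the reviewer checks in log order and return the items worth a look."""
    findings = []
    for e in entries:
        if e.body.endswith("(no file)"):
            # The registry still references a file that is gone: a leftover of
            # uninstalled software or of an earlier cleanup.  Harmless, but worth fixing.
            findings.append(Finding(e.code, "orphan", e.body))
        elif e.code == "R0" and ",Start Page = " in e.body:
            url = e.body.split(" = ", 1)[1].strip()
            if url not in EXPECTED_START_PAGES:
                findings.append(Finding(e.code, "start-page", url))
        elif e.code == "O17":
            m = NAMESERVER_RE.search(e.body)
            servers = set(m.group("servers").split(",")) if m else set()
            if not servers <= EXPECTED_NAMESERVERS:
                findings.append(Finding(e.code, "dns", ",".join(sorted(servers))))
        elif e.code == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so each listed DLL should be identified before the line is left alone.
            findings.append(Finding(e.code, "appinit", e.body))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            # No company name in the binary: identify the vendor before trusting it.
            findings.append(Finding(e.code, "unknown-owner", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.code:<4} {f.reason:<14} {f.detail}")
```

Run on the sample it reports the conduit.com start page, the two "(no file)" orphans, the AppInit_DLLs line and the unsigned MobilityService service, and stays quiet on the OpenDNS O17 entries because they are on the expected list. Replace `SAMPLE_LOG` with a whole pasted log to triage it the same way.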


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 08 May 2011 - 11:15 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#3 n01paranoid
  • Topic Starter

  • Members
  • 189 posts

Posted 09 May 2011 - 07:07 AM

Thanks a lot for the reply etavares. I really appreciate the help. Unfortunately I'll be away for a few days. I'll try and reply with my logs during that time but otherwise it won't be until Friday 13/5/11.

Thanks again.

#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 09 May 2011 - 06:07 PM

Ok, thanks for letting me know. I'll look for them this weekend.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#5 n01paranoid
  • Topic Starter

  • Members
  • 189 posts

Posted 13 May 2011 - 07:44 AM

My OTL logs are below but my GMER log is too big to attach (780 KB). Can you please advise me how to attach a file of this size, or shall I copy and paste it?



OTL logfile created on: 5/13/2011 12:08:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tinky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 35.83 Gb Free Space | 24.87% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 30.90 Gb Free Space | 21.99% Space Free | Partition Type: NTFS

Computer Name: TINKY-PC | User Name: Tinky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
PRC - [2011/05/10 06:19:03 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 21:04:29 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/04/27 08:21:02 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/06 22:24:32 | 001,866,864 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/16 22:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 10:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
MOD - [2011/05/05 08:13:47 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/09 21:04:29 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/27 08:21:02 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/19 23:27:22 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 21:04:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/05/05 08:13:47 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/05 08:13:46 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/09 00:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/29 18:59:19 | 000,050,944 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/08/21 20:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/08/05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/19 23:23:00 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/28 16:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 32 61 AF C9 12 CA 01 [binary data]
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {6406a529-3755-e4ac-0bed-1d0fe7829dbc}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {bfe3406c-6f31-4789-86d5-efa50e12c9eb}:3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 19:05:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 18:37:17 | 000,000,000 | ---D | M]

[2009/11/02 18:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Extensions
[2009/11/02 18:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/24 17:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions
[2011/03/17 20:13:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/17 20:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}-trash
[2010/06/23 17:50:00 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
[2011/02/04 14:17:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/17 20:13:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/04 09:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Sunbird\Profiles\9y2tt2z2.default\extensions
[2010/03/25 15:40:03 | 000,000,681 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\ask.xml
[2010/10/05 09:47:07 | 000,002,570 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\askcom.xml
[2010/09/24 10:04:15 | 000,000,909 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\conduit.xml
[2010/02/14 23:50:39 | 000,000,266 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\Search.xml
[2011/05/12 15:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/14 23:50:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{6406a529-3755-e4ac-0bed-1d0fe7829dbc}
[2010/01/05 18:22:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2010/09/21 17:07:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/12 15:46:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/08/21 00:28:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/12 15:46:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262710541940 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Tinky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk - - File not found
MsConfig - StartUpReg: 0Spam.com Express - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 14:52:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
[2011/05/11 14:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/04 11:38:31 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\vlc
[2011/05/04 10:38:23 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{5A372336-C55B-476C-8D5D-419EB0D41846}
[2011/05/03 19:41:10 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\Stardock
[2011/05/03 19:40:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011/05/03 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/05/03 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\RealWorld
[2011/04/30 09:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/30 09:24:54 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/04/26 19:21:32 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{EB854AA9-4A31-44AA-A371-E2F47817C144}
[2011/04/26 19:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/25 09:23:59 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{4FEA6EB4-E19C-4CF9-B1F8-86C03CA8FEEE}
[2011/04/25 06:59:00 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/04/24 16:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/04/24 16:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/04/24 16:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/04/24 10:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2011/04/24 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\CheckPoint
[2011/04/24 08:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/04/24 08:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/04/23 11:51:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/04/20 17:10:11 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\PackageAware
[2011/04/20 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Avira
[2011/04/20 16:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/20 16:13:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/20 16:13:23 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/20 16:13:23 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/20 16:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/20 13:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/20 09:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/20 09:17:43 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/19 20:48:14 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{B4A45601-AB01-4B31-9982-E3B5A813D66C}
[2011/04/18 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/18 20:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/18 16:53:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2011/04/16 17:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/16 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 17:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/04/16 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/16 17:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/16 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Tinky\Documents\Anti-Malware
[2011/04/16 14:19:25 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\QuickScan
[2011/04/15 20:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/04/15 17:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/04/15 17:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/04/15 17:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/04/15 17:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2011/04/15 16:52:57 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\FreeFileViewer
[2011/04/15 16:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2011/04/15 16:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/14 13:35:26 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2010/05/29 16:43:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tinky\AppData\Roaming\pcouffin.sys
[2008/11/18 17:05:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/05/13 12:05:53 | 000,005,674 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120534.reg
[2011/05/13 12:04:54 | 000,004,518 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120448.reg
[2011/05/13 12:04:09 | 000,009,916 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120402.reg
[2011/05/13 11:18:40 | 000,249,856 | ---- | M] () -- C:\Users\Tinky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/13 10:52:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 10:52:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 08:59:13 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/13 08:59:13 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/13 08:55:34 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/13 08:53:09 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/13 08:52:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
[2011/05/11 14:29:41 | 000,000,756 | ---- | M] () -- C:\Users\Tinky\Desktop\µTorrent.lnk
[2011/05/09 21:04:48 | 000,082,400 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2011/05/09 13:00:33 | 000,050,477 | ---- | M] () -- C:\Users\Tinky\Desktop\Defogger.exe
[2011/05/07 06:50:40 | 000,002,046 | ---- | M] () -- C:\Users\Tinky\Desktop\Google Chrome.lnk
[2011/05/05 09:52:59 | 000,004,286 | ---- | M] () -- C:\Users\Tinky\Documents\Document0001.cur
[2011/05/05 08:13:47 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2011/05/05 08:13:47 | 000,036,568 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2011/05/05 08:13:46 | 000,238,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2011/05/05 08:13:46 | 000,019,088 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2011/05/04 11:36:51 | 020,533,281 | ---- | M] () -- C:\Users\Tinky\Documents\vlc-1.1.9-win32.exe
[2011/05/02 12:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 12:10:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034742988-1206613618-1168055173-1000UA.job
[2011/05/02 08:46:51 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/01 19:03:09 | 000,000,018 | ---- | M] () -- C:\Windows\cmm.dat
[2011/05/01 18:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034742988-1206613618-1168055173-1000Core.job
[2011/04/30 09:24:54 | 000,001,079 | ---- | M] () -- C:\Users\Tinky\Desktop\Revo Uninstaller.lnk
[2011/04/30 07:52:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/29 21:51:53 | 000,002,529 | ---- | M] () -- C:\Users\Tinky\Desktop\HiJackThis.lnk
[2011/04/29 20:56:15 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tinky\Desktop\TDSSKiller.exe
[2011/04/27 21:53:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc051d2b681eeb.job
[2011/04/26 20:24:20 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/26 19:13:18 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/26 18:43:12 | 000,000,000 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011/04/26 11:29:18 | 000,068,292 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110426_112847.reg
[2011/04/25 10:03:15 | 001,395,387 | ---- | M] () -- C:\Users\Tinky\Documents\DSCF0282.jpg
[2011/04/25 07:14:21 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/21 16:57:09 | 000,006,774 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\.freeciv-client-rc-2.2
[2011/04/20 16:18:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/19 19:31:48 | 000,090,824 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110419_193123.reg
[2011/04/19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/04/18 20:54:04 | 002,203,680 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/16 20:57:26 | 000,001,916 | ---- | M] () -- C:\Users\Tinky\Desktop\Sophos Anti-Rootkit.lnk
[2011/04/16 20:37:06 | 000,323,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 17:52:15 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 16:04:14 | 000,390,554 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/04/16 15:13:54 | 000,000,043 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\1.gif
[2011/04/16 14:38:32 | 000,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2011/04/16 14:26:37 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/04/15 18:58:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/04/15 18:58:01 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job
[2011/04/14 13:25:59 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\One-Click-Optimizer.lnk
[2011/04/14 13:25:59 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk

========== Files Created - No Company Name ==========

[2011/05/13 12:05:36 | 000,005,674 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120534.reg
[2011/05/13 12:04:52 | 000,004,518 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120448.reg
[2011/05/13 12:04:06 | 000,009,916 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120402.reg
[2011/05/11 14:29:40 | 000,000,756 | ---- | C] () -- C:\Users\Tinky\Desktop\µTorrent.lnk
[2011/05/09 13:00:32 | 000,050,477 | ---- | C] () -- C:\Users\Tinky\Desktop\Defogger.exe
[2011/05/05 09:52:59 | 000,004,286 | ---- | C] () -- C:\Users\Tinky\Documents\Document0001.cur
[2011/05/04 11:36:24 | 020,533,281 | ---- | C] () -- C:\Users\Tinky\Documents\vlc-1.1.9-win32.exe
[2011/05/01 19:03:09 | 000,000,018 | ---- | C] () -- C:\Windows\cmm.dat
[2011/04/30 09:24:54 | 000,001,079 | ---- | C] () -- C:\Users\Tinky\Desktop\Revo Uninstaller.lnk
[2011/04/27 21:53:32 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc051d2b681eeb.job
[2011/04/26 19:13:18 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/26 18:43:12 | 000,000,000 | RH-- | C] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011/04/26 11:28:55 | 000,068,292 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110426_112847.reg
[2011/04/25 10:03:14 | 001,395,387 | ---- | C] () -- C:\Users\Tinky\Documents\DSCF0282.jpg
[2011/04/20 13:50:50 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/20 09:17:43 | 000,002,529 | ---- | C] () -- C:\Users\Tinky\Desktop\HiJackThis.lnk
[2011/04/19 19:31:35 | 000,090,824 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110419_193123.reg
[2011/04/18 20:53:28 | 002,203,680 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/16 20:57:26 | 000,001,916 | ---- | C] () -- C:\Users\Tinky\Desktop\Sophos Anti-Rootkit.lnk
[2011/04/16 17:52:15 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:13:54 | 000,000,043 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\1.gif
[2011/04/16 14:38:32 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/04/16 14:26:37 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/04/16 14:18:35 | 000,390,554 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/04/15 17:27:38 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/04/15 17:27:20 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\FileCure Default.job
[2011/04/15 17:27:15 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/04/14 13:25:59 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\One-Click-Optimizer.lnk
[2011/04/14 13:25:59 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2010/10/14 16:45:47 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/10/14 16:45:47 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/10/05 12:36:02 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010/09/16 14:08:59 | 000,673,280 | ---- | C] () -- C:\Windows\is-L89AD.exe
[2010/08/20 16:20:09 | 000,673,280 | ---- | C] () -- C:\Windows\is-2THAP.exe
[2010/08/17 11:21:50 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/08/16 15:41:54 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/16 15:41:54 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/16 14:36:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/05/29 16:45:21 | 000,001,057 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\vso_ts_preview.xml
[2010/05/29 16:43:56 | 000,087,608 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\inst.exe
[2010/05/29 16:43:56 | 000,007,887 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\pcouffin.cat
[2010/05/29 16:43:56 | 000,001,144 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\pcouffin.inf
[2010/03/31 16:29:17 | 000,006,774 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\.freeciv-client-rc-2.2
[2010/02/19 01:54:11 | 000,673,280 | ---- | C] () -- C:\Windows\is-CU3SV.exe
[2010/02/17 22:53:36 | 000,000,530 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/01 00:46:05 | 000,673,280 | ---- | C] () -- C:\Windows\is-6TB6E.exe
[2009/12/30 15:35:29 | 000,133,368 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/29 18:07:24 | 000,000,000 | ---- | C] () -- C:\Windows\SMM_HCEditor.INI
[2009/11/29 22:42:12 | 000,023,888 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\UserTile.png
[2009/11/17 19:41:22 | 000,000,335 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\burnaware.ini
[2009/11/05 18:31:39 | 000,000,089 | ---- | C] () -- C:\Windows\AudioDVD.INI
[2009/10/15 10:32:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/08 09:01:43 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2009/10/07 09:16:40 | 000,000,230 | ---- | C] () -- C:\Windows\reimage.ini
[2009/09/17 12:53:46 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2009/08/27 18:58:25 | 000,000,680 | ---- | C] () -- C:\Users\Tinky\AppData\Local\d3d9caps.dat
[2009/08/26 08:05:15 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/08/21 18:46:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/21 00:45:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/21 00:45:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/20 17:43:05 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/08/04 22:08:26 | 000,000,008 | ---- | C] () -- C:\Windows\SAGE.INI
[2009/08/04 10:17:19 | 000,000,512 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 14:55:43 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/02 14:55:43 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/02 07:27:11 | 000,249,856 | ---- | C] () -- C:\Users\Tinky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:39:20 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 21:38:11 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/26 01:06:30 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/12/26 01:06:30 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/12/26 01:06:30 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/11/18 18:47:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/11/18 18:47:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/11/18 18:17:48 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/11/18 18:09:12 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/11/18 18:09:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/11/18 17:43:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/18 17:03:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,323,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/24 08:18:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2003/09/24 08:18:14 | 000,155,648 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2003/09/24 08:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2003/09/24 08:16:48 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2003/09/24 08:16:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2003/09/24 08:16:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2003/09/24 08:16:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2003/09/24 08:16:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2003/09/24 08:16:12 | 000,241,664 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2003/09/24 08:15:54 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGLIST32.DLL
[2003/09/24 08:15:38 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SGTOOL32.DLL
[2003/09/24 08:15:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGINTL32.DLL
[2003/09/24 08:15:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDT32.DLL
[2003/09/24 08:15:24 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHELP32.DLL
[2003/09/24 08:15:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2003/09/24 08:15:16 | 000,151,552 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2003/09/24 08:15:02 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2003/09/24 08:15:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SGCOM32.DLL
[2003/08/11 10:07:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\REPDES32.EXE
[2003/08/11 10:07:36 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2003/08/11 10:03:26 | 001,581,056 | ---- | C] () -- C:\Windows\System32\SGREP32.DLL
[2003/08/02 10:34:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll
[2002/04/16 10:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

========== LOP Check ==========

[2009/10/14 10:36:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer
[2009/10/14 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2009/10/14 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2009/08/02 20:45:00 | 000,000,000 | -HSD | M] -- C:\Users\Tinky\AppData\Roaming\.#
[2010/03/31 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\.freeciv
[2009/07/31 20:35:55 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Acer
[2008/11/18 18:43:48 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Acer GameZone Console
[2009/11/25 22:36:26 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Acoustica
[2010/05/30 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\AnvSoft
[2010/10/23 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Ashampoo
[2010/08/13 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Auslogics
[2010/10/14 08:55:59 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\avidemux
[2010/11/04 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Azureus
[2010/09/23 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/11/17 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Canneverbe_Limited
[2010/09/22 07:09:54 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\CBS Interactive
[2011/04/24 08:45:23 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\CheckPoint
[2009/12/23 13:27:39 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Chessmaster Challenge
[2009/11/17 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\DeepBurner
[2009/10/08 09:01:44 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\DonationCoder
[2009/08/04 09:47:35 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Enigma
[2009/08/02 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\eSobi
[2009/10/12 09:37:19 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\FlashGet
[2011/04/15 16:53:20 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\FreeFileViewer
[2010/10/21 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\FreeStone Group
[2010/12/07 10:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\FUJIFILM
[2010/09/29 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\GlarySoft
[2010/12/07 12:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\gtk-2.0
[2010/08/16 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\HamsterSoft
[2009/08/25 08:38:46 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Hrsim
[2009/11/30 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\iGetMusic
[2011/04/30 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\IObit
[2009/07/31 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Leadertech
[2010/10/18 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\LimeWire
[2011/04/14 13:37:04 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\MP3Rocket
[2010/02/15 22:56:14 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\MPEG Streamclip
[2009/11/08 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\NCH Swift Sound
[2010/08/14 17:40:20 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\OpenDNS Updater
[2009/12/22 00:32:11 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\OpenOffice.org
[2010/01/25 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Opera
[2009/11/29 22:42:11 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\PeerNetworking
[2010/01/25 00:33:33 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\ppstream
[2011/04/22 14:23:08 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\QuickScan
[2009/09/10 20:55:04 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\SpinTop
[2009/11/18 20:23:48 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\StarBurn
[2009/10/09 08:48:32 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\StreamTorrent
[2009/08/04 10:34:35 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Template
[2010/01/06 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Titanium Gears
[2011/04/16 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\TuneUp Software
[2009/11/04 18:40:02 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\TweakNow PowerPack 2009
[2009/08/24 08:03:34 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\uniblue
[2011/05/13 12:03:05 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\uTorrent
[2010/09/14 09:16:52 | 000,000,000 | ---D | M] -- C:\Users\Tinky\AppData\Roaming\Vso
[2011/04/15 18:58:01 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job
[2011/04/19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/04/15 18:58:01 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/05/02 12:46:39 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/14 17:06:46 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >
[2011/03/03 14:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2010/01/07 23:01:29 | 000,015,221 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/04/16 16:01:40 | 000,004,457 | ---- | M] () -- C:\bdlog.txt
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/18 17:05:34 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/08/04 21:57:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/26 01:20:34 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2009/08/04 21:57:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/13 08:52:39 | 3529,437,184 | -HS- | M] () -- C:\pagefile.sys
[2008/12/26 01:13:03 | 000,000,060 | ---- | M] () -- C:\Partition.txt
[2008/11/18 18:09:46 | 000,000,646 | ---- | M] () -- C:\RHDSetup.log
[2011/04/22 14:57:28 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2009/08/02 14:55:37 | 000,000,479 | ---- | M] () -- C:\sghmmail.ECF
[2011/05/01 13:35:16 | 000,002,138 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_13.35.11_log.txt
[2011/04/23 11:51:18 | 000,191,304 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_11.46.27_log.txt
[2011/04/23 11:52:20 | 000,065,932 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_11.51.28_log.txt
[2011/04/23 11:53:48 | 000,065,932 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_11.52.53_log.txt
[2011/04/23 12:05:13 | 000,065,230 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_12.04.44_log.txt
[2011/04/23 15:45:25 | 000,064,090 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_15.44.52_log.txt
[2011/04/29 20:58:01 | 000,064,060 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_29.04.2011_20.57.34_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/27 04:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Files - Unicode (All) ==========
[2011/04/16 16:01:47 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/04/16 16:01:47 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A31FAD21
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D158BAF9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:93E9C78D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:793F316E

< End of report >

OTL Extras logfile created on: 5/13/2011 12:08:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tinky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 35.83 Gb Free Space | 24.87% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 30.90 Gb Free Space | 21.99% Space Free | Partition Type: NTFS

Computer Name: TINKY-PC | User Name: Tinky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A2BC17-BD4F-4A9D-B69E-D5A9C9DE74E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CC88D641-555F-4CE8-AFF4-CE2E9EFF4A91}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{182D502D-4E9E-4ED0-834B-25CC2DB715A2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1C5E469F-EEF2-4250-A456-E28F8C54CC3E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{251BDE07-E910-4D65-9E4B-E30CA26D9440}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-engb-trial-downloader.exe |
"{2CF63CA2-4435-4991-AF96-F650552B78BD}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe |
"{40F36B7F-D3B5-42FB-81CE-A3826F9C5C64}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{4DF01583-D10A-44CB-BFD5-AFF42D635247}" = protocol=17 | dir=in | app=c:\program files\o2\bin\wificfg.exe |
"{4EECF81A-70C2-4414-ADBC-4E4CE3AAD2C1}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe |
"{54A2554D-13E6-433A-9266-FF8CAAB2F06E}" = protocol=6 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe |
"{58029D2E-3712-44B1-9408-F6F4CE656905}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5CE84DBB-C27B-4CC4-AA48-4F07DE498B5D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{62C7C5A7-0003-453A-9D07-8267719F577D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{64B84E75-CDF6-40A4-901B-55BAFC172E5C}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe |
"{6609FBF2-67DA-4E21-8CA7-2CC861C3BBED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{671C30DE-701E-4409-9B6A-B081096D1893}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7390505F-9D06-4DE9-A7E1-8611CB28DE8A}" = protocol=17 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe |
"{8460336C-0B01-4766-AAC8-FDB494FDA7A1}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{9B42A0CD-459D-4DDF-B0ED-D7730E96FD39}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9F49CF4D-F23E-4156-8FA3-614DABC3CA8C}" = protocol=6 | dir=in | app=c:\program files\o2\bin\wificfg.exe |
"{A4651429-0CE0-4717-82DC-6A4475E65562}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B6D05441-925C-4FD6-A97E-0EACB75ACFDD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C88CA162-B6B3-4F71-80FB-899659F940B0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D262AC04-7242-4237-BF0B-0742E811764C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-engb-trial-downloader.exe |
"{EA12C4F2-5968-482C-8EB0-9712308D9EE4}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe |
"TCP Query User{2BDF4C0B-4F7B-4750-8071-8DCC8175DECE}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{5F790462-3114-43FE-BBFE-39D74E63491F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{68F9256F-EB49-47AE-B9D8-E94B4975CF98}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{76FE4757-3723-43CC-B442-F0CAE6EEA5C8}C:\users\tinky\appdata\local\freeciv-2.2.0-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\users\tinky\appdata\local\freeciv-2.2.0-gtk2\freeciv-server.exe |
"TCP Query User{8988EE93-8572-42BF-9BD2-ED08604AE215}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{961142AF-BDE6-4ADF-B34D-BF102DDA6791}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{A51BECED-B69C-4182-82BC-275B6F94EB46}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B11ECCE4-5E73-432A-AF2E-D87C52DDF7DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D0ACB97E-1F31-41A8-8817-83D34DA4A5C8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{D4C09605-AB9C-4DBD-A5E1-7463E3C08CF0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E7204922-9AA6-42A1-8E88-43F3812D16DB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{F5FF8BC3-46FB-4C8A-9B4A-2551B7ED037D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3BB923F0-A0A9-4A91-9E6C-65269F31DA4F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{6814FA34-3B49-4B3C-854D-C5953FCBF55E}C:\users\tinky\appdata\local\freeciv-2.2.0-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\users\tinky\appdata\local\freeciv-2.2.0-gtk2\freeciv-server.exe |
"UDP Query User{6C418D1D-B70B-4720-A249-8506F043138C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{6EB81867-7391-4ADE-9EE9-2B6902BB6E43}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6F305FCC-6749-437A-A6ED-9DA87AB27F82}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{7219CDF9-3D09-4D1C-9403-529276E134B1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{753D8B18-B6B1-4E24-8D84-9533839D9665}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{A72095C7-8F05-49F8-9B75-2D0E8E12B6C0}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{AF36F9FE-BF79-40ED-9EB9-924BCD057BBD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BFB03579-8DD1-4BE6-A155-AD28F2C2469D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D3F0BD1D-2813-4E5A-A9A4-C696E8ABE1C6}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{E9F2C664-BD10-4082-BC00-5E6C30B149EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74B1CEB6-B4BF-46FD-8080-CE3C1809B010}" = O2InstV3Win7UpdateV2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10Runtime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.1.7
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"AVI Splitter_is1" = AVI Splitter
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup.divx.com" = DivX Setup
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HitmanPro35" = Hitman Pro 3.5
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.92
"SopCast" = SopCast 3.2.4
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"StreamTorrent 1.0" = StreamTorrent 1.0
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Trusted Software Assistant_is1" = File Type Assistant
"TVUPlayer" = TVUPlayer 2.4.9.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"xvid" = Xvid MPEG-4 Video Codec
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freeciv-2.2.0-gtk2" = Freeciv 2.2.0 (GTK+ client)
"Google Chrome" = Google Chrome
"Magical Glass" = Magical Glass
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2011 1:26:07 PM | Computer Name = Tinky-PC | Source = VSS | ID = 8194
Description =

Error - 5/11/2011 7:00:56 AM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/11/2011 9:24:53 AM | Computer Name = Tinky-PC | Source = VSS | ID = 8194
Description =

Error - 5/11/2011 11:24:18 AM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/11/2011 2:05:49 PM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/11/2011 2:49:45 PM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2011 4:09:23 AM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2011 9:24:20 AM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2011 1:37:44 PM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/13/2011 3:53:04 AM | Computer Name = Tinky-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/1/2009 10:24:44 AM | Computer Name = Tinky-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 8/1/2009 10:24:44 AM | Computer Name = Tinky-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 8/1/2009 10:25:15 AM | Computer Name = Tinky-PC | Source = DCOM | ID = 10010
Description =

Error - 8/1/2009 10:31:03 AM | Computer Name = Tinky-PC | Source = HTTP | ID = 15016
Description =

Error - 8/1/2009 10:43:22 AM | Computer Name = Tinky-PC | Source = DCOM | ID = 10016
Description =

Error - 8/1/2009 10:43:51 AM | Computer Name = Tinky-PC | Source = DCOM | ID = 10016
Description =

Error - 8/1/2009 11:54:45 AM | Computer Name = Tinky-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 8/1/2009 11:55:24 AM | Computer Name = Tinky-PC | Source = HTTP | ID = 15016
Description =

Error - 8/1/2009 3:49:17 PM | Computer Name = Tinky-PC | Source = HTTP | ID = 15016
Description =

Error - 8/1/2009 11:58:58 PM | Computer Name = Tinky-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#6 etavares

etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 13 May 2011 - 05:39 PM

Please check your PM for my email address to send the GMER file to. Please reply here when you have done so.



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 n01paranoid

n01paranoid
  • Topic Starter
  • Members
  • 189 posts
  • Gender:Male

Posted 14 May 2011 - 02:32 AM

Hi etavares

I've just emailed my GMER log to you

n01paranoid

#8 etavares

etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 14 May 2011 - 09:35 AM

Hello, n01paranoid.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case StreamTorrent, uTorrent). These programmes allow files to be shared between users, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case Glary Utilities / Glary Registry Repair). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Ask Toolbar Warning

I see you have the Ask.com toolbar installed. This often comes bundled with spyware, and it is recommended you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.


Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


#9 n01paranoid

n01paranoid
  • Topic Starter
  • Members
  • 189 posts
  • Gender:Male

Posted 14 May 2011 - 02:01 PM

Thanks for the above report etavares. Here are my MBAM and aswMBR logs:



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6579

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/14/2011 7:41:14 PM
mbam-log-2011-05-14 (19-41-14).txt

Scan type: Quick scan
Objects scanned: 160677
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-14 19:47:35
-----------------------------
19:47:35.241 OS Version: Windows 6.0.6002 Service Pack 2
19:47:35.241 Number of processors: 2 586 0x1706
19:47:35.241 ComputerName: TINKY-PC UserName: Tinky
19:47:37.611 Initialize success
19:48:35.091 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:48:35.091 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
19:48:35.111 Disk 0 MBR read successfully
19:48:35.111 Disk 0 MBR scan
19:48:35.111 Disk 0 unknown MBR code
19:48:35.121 Disk 0 scanning sectors +625139712
19:48:35.161 Disk 0 scanning C:\Windows\system32\drivers
19:48:39.811 Service scanning
19:48:41.191 Disk 0 trace - called modules:
19:48:41.241 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
19:48:41.241 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86343268]
19:48:41.241 3 CLASSPNP.SYS[8a5a88b3] -> nt!IofCallDriver -> [0x858e03c0]
19:48:41.251 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x845b5028]
19:48:41.251 Scan finished successfully
19:49:51.451 Disk 0 MBR has been saved successfully to "C:\Users\Tinky\Desktop\MBR.dat"
19:49:51.451 The log file has been saved successfully to "C:\Users\Tinky\Desktop\aswMBR.txt"



PS - I was unable to find the Ask toolbar in the uninstall/change programs section. The only location I found it was in Firefox and I removed it from there. Is that sufficient?


n01paranoid

#10 etavares

etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 15 May 2011 - 02:49 PM

Hello, n01paranoid.

Yes, removing it from FF is perfect.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  • Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  • Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  • Click OK at the first message box.
  • Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  • Click OK.
  • Click Yes to create the new folder.
  • You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - Reg Error: Key error. File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:C95B63DA
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A31FAD21
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FEBEC560
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:9E22BBE8
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D158BAF9
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:93E9C78D
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:793F316E
    :files
    C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    C:\Users\Tinky\AppData\Roaming\.#
    :commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done; please post that in your reply.
  • Please then create a new OTL report.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open; copy and paste it in a reply here.



Step 3

Do you recognize this folder?

C:\Windows\System32\獷楬汢捯污





Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the download link to get the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to Text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish

etavares

Edited by etavares, 15 May 2011 - 02:50 PM.


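The OTL fix in the post above deletes orphaned IE URLSearchHooks, toolbar and BHO CLSIDs, IE "restrictions" policy keys, and alternate data streams on C:\ProgramData\Temp. Below is an added, read-only PowerShell audit of those same locations, written for this thread as an illustration (it is not OTL's logic and not code etavares posted); it assumes PowerShell 3.0 or later for `Get-Item -Stream` and an elevated session so the HKU hives are readable, and it only lists what it finds.

```powershell
# Added example: read-only audit of the registry and file locations that the OTL
# fix script in this post cleaned up. Not OTL's code and not from the thread.
# Assumes PowerShell 3.0+ (Get-Item -Stream) and an elevated session. It only
# reports; nothing is deleted.

$clsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Every loaded user hive: HKU\.DEFAULT, HKU\S-1-5-18, HKU\S-1-5-21-... and so on.
function Get-UserHivePath {
    Get-ChildItem -Path Registry::HKEY_USERS | ForEach-Object { "Registry::$($_.Name)" }
}

# --- 1. URLSearchHooks, Toolbars and BHOs whose CLSID or DLL no longer exists ---
# These are the OTL lines marked "Reg Error: Key error" / "No CLSID value found":
# a hijacker was (partly) removed but left its hook behind.
function Get-IeExtensionEntry {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks',
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($hive in Get-UserHivePath) {
        $keys += "$hive\Software\Microsoft\Internet Explorer\URLSearchHooks"
    }
    foreach ($path in $keys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        # URLSearchHooks/Toolbar keep the CLSID as a value name, BHOs as a subkey name
        foreach ($clsid in (@($key.GetValueNames()) + @($key.GetSubKeyNames()))) {
            if ($clsid -notmatch $clsidPattern) { continue }
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $dll = $null
            $srv = Get-ItemProperty -LiteralPath "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv -and $srv.PSObject.Properties['(default)']) {
                $dll = [Environment]::ExpandEnvironmentVariables($srv.'(default)')
            }
            [pscustomobject]@{
                Location    = $path
                Clsid       = $clsid
                ClsidExists = [bool](Test-Path -LiteralPath $clsidKey)
                ServerDll   = $dll
                DllExists   = [bool]($dll -and (Test-Path -LiteralPath $dll))
            }
        }
    }
}

# --- 2. IE "restrictions" policy keys (the O6/O7 lines in OTL) ---
# Normal on a domain-managed PC; on a home machine they usually mean a hijacker
# locked down IE's Tools/Options menus.
function Get-IeRestrictionPolicy {
    $keys = @('HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions')
    foreach ($hive in Get-UserHivePath) {
        $keys += "$hive\Software\Policies\Microsoft\Internet Explorer\Restrictions"
    }
    foreach ($path in $keys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $props = Get-ItemProperty -LiteralPath $path
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            [pscustomobject]@{ Location = $path; Setting = $p.Name; Value = $p.Value }
        }
    }
}

# --- 3. Alternate data streams (the "@Alternate Data Stream" lines in OTL) ---
# Zone.Identifier is the ordinary "downloaded from the Internet" mark; any other
# named stream on the Temp folder or its contents deserves a look.
function Get-SuspiciousAds {
    param([string]$Path = 'C:\ProgramData\Temp')
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # the folder itself (OTL found the streams on the directory) plus everything below it
    $targets = @(Get-Item -LiteralPath $Path -Force) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($t in $targets) {
        Get-Item -LiteralPath $t.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            ForEach-Object { [pscustomobject]@{ Item = $_.FileName; Stream = $_.Stream; Bytes = $_.Length } }
    }
}

# --- Report ---
Write-Output '== IE hooks, toolbars and BHOs with a missing CLSID or DLL =='
Get-IeExtensionEntry | Where-Object { -not $_.ClsidExists -or -not $_.DllExists } | Format-Table -AutoSize
Write-Output '== IE restriction policies present =='
Get-IeRestrictionPolicy | Format-Table -AutoSize
Write-Output '== Alternate data streams under C:\ProgramData\Temp (other than Zone.Identifier) =='
Get-SuspiciousAds | Format-Table -AutoSize
```

Entries the first section flags correspond to the "No CLSID value found" lines OTL reported; whether to remove them is a decision for the helper, which is why the script stops at listing.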

#11 n01paranoid

n01paranoid
  • Topic Starter
  • Members
  • 189 posts
  • Gender:Male

Posted 16 May 2011 - 09:58 AM

Hi etavares

I've done what you asked. Regarding the various steps in your last post:

Step 2
When I rebooted after the OTL Run Fix, a box popped up saying an operation in relation to this could not be performed. I should have made a note of exactly what it said. Anyway, I clicked on OK in the box. My OTL Run Fix and Run Scan reports are below.


Step 3
I don't recognize C:\Windows\System32\獷楬汢捯污


Step 4
The ESET scan didn't find any threats. I couldn't find any report to show this. The only button available to click on was FINISH.

Before I started the scan, it said another antivirus software was detected and this may affect the performance and quality of the scan. Should I have switched off my internet connection and disabled my antivirus and firewall before the ESET scan?

PS - the OTL scan seems to show Ask is still the Firefox default search engine even though I removed it.

OTL REPORTS:

Run Fix log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_USERS\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F08555B0-9CC3-11D2-AA8E-000000000567} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F08555B0-9CC3-11D2-AA8E-000000000567}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
ADS C:\ProgramData\Temp:C95B63DA deleted successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
ADS C:\ProgramData\Temp:A31FAD21 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:FEBEC560 deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:D158BAF9 deleted successfully.
ADS C:\ProgramData\Temp:93E9C78D deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:793F316E deleted successfully.
========== FILES ==========
C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} folder moved successfully.
C:\Users\Tinky\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 330629 bytes
->Temporary Internet Files folder emptied: 71908 bytes
->FireFox cache emptied: 15980559 bytes
->Flash cache emptied: 480 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tinky
->Temp folder emptied: 929101 bytes
->Temporary Internet Files folder emptied: 2835642 bytes
->Java cache emptied: 2971675 bytes
->FireFox cache emptied: 49498570 bytes
->Google Chrome cache emptied: 5180962 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05162011_115705

Files\Folders moved on Reboot...
File move failed. C:\Users\Tinky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...





Run Scan log:

OTL logfile created on: 5/16/2011 12:12:49 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tinky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 33.99 Gb Free Space | 23.59% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 37.61 Gb Free Space | 26.77% Space Free | Partition Type: NTFS

Computer Name: TINKY-PC | User Name: Tinky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
PRC - [2011/05/10 06:19:03 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 21:04:29 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/04/27 08:21:02 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/16 22:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 10:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
MOD - [2011/05/05 08:13:47 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/09 21:04:29 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/27 08:21:02 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/19 23:27:22 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 21:04:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/05/05 08:13:47 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/05 08:13:46 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/09 00:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/29 18:59:19 | 000,050,944 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/08/21 20:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/08/05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/19 23:23:00 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/28 16:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 32 61 AF C9 12 CA 01 [binary data]
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {6406a529-3755-e4ac-0bed-1d0fe7829dbc}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {bfe3406c-6f31-4789-86d5-efa50e12c9eb}:3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.8.0.1

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 19:05:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 18:37:17 | 000,000,000 | ---D | M]

[2009/11/02 18:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Extensions
[2009/11/02 18:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/14 10:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions
[2011/03/17 20:13:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/17 20:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}-trash
[2010/06/23 17:50:00 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
[2011/02/04 14:17:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/17 20:13:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/05/14 10:04:30 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\keyscrambler@qfx.software.corporation
[2009/08/04 09:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Sunbird\Profiles\9y2tt2z2.default\extensions
[2010/09/24 10:04:15 | 000,000,909 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\conduit.xml
[2010/02/14 23:50:39 | 000,000,266 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\Search.xml
[2011/05/14 10:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/14 23:50:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{6406a529-3755-e4ac-0bed-1d0fe7829dbc}
[2010/01/05 18:22:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2010/09/21 17:07:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/12 15:46:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/08/21 00:28:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/12 15:46:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - Startup: C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262710541940 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 11:57:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 11:51:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/16 11:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/16 11:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/14 19:38:31 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Tinky\Desktop\aswMBR.exe
[2011/05/14 10:04:47 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\QFX Software
[2011/05/14 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2011/05/14 10:04:13 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2011/05/14 10:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2011/05/14 10:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/13 12:28:39 | 000,000,000 | ---D | C] -- C:\Users\Tinky\Desktop\gmer
[2011/05/12 15:46:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/12 15:46:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/12 15:46:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/12 14:52:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
[2011/05/11 14:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/04 11:38:31 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\vlc
[2011/05/04 10:38:23 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{5A372336-C55B-476C-8D5D-419EB0D41846}
[2011/05/03 19:41:10 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\Stardock
[2011/05/03 19:40:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011/05/03 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/05/03 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\RealWorld
[2011/04/30 09:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/30 09:24:54 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/04/27 08:25:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 08:25:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 08:25:00 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/26 19:21:32 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{EB854AA9-4A31-44AA-A371-E2F47817C144}
[2011/04/26 19:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/25 09:23:59 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{4FEA6EB4-E19C-4CF9-B1F8-86C03CA8FEEE}
[2011/04/25 06:59:00 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/04/24 16:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/04/24 16:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/04/24 16:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/04/24 10:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2011/04/24 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\CheckPoint
[2011/04/24 08:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/04/24 08:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/04/23 11:51:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/04/20 17:10:11 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\PackageAware
[2011/04/20 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Avira
[2011/04/20 16:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/20 16:13:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/20 16:13:23 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/20 16:13:23 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/20 16:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/20 13:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/20 11:02:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2011/04/20 09:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/20 09:17:43 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/19 20:48:14 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{B4A45601-AB01-4B31-9982-E3B5A813D66C}
[2011/04/18 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/18 20:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/18 16:53:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2011/04/16 17:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/16 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 17:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/04/16 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/16 17:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/16 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Tinky\Documents\Anti-Malware
[2011/04/16 14:19:25 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\QuickScan
[2010/05/29 16:43:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tinky\AppData\Roaming\pcouffin.sys
[2008/11/18 17:05:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/05/16 12:04:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/16 12:04:31 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/16 12:01:25 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/16 11:59:07 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/16 11:58:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 11:58:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 11:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 11:45:33 | 000,000,917 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 11:44:56 | 000,000,737 | ---- | M] () -- C:\Users\Tinky\Desktop\NTREGOPT.lnk
[2011/05/16 11:44:56 | 000,000,718 | ---- | M] () -- C:\Users\Tinky\Desktop\ERUNT.lnk
[2011/05/16 11:44:09 | 000,056,320 | ---- | M] () -- C:\Users\Tinky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 11:08:52 | 000,000,000 | ---- | M] () -- C:\Users\Tinky\defogger_reenable
[2011/05/14 19:49:51 | 000,000,512 | ---- | M] () -- C:\Users\Tinky\Desktop\MBR.dat
[2011/05/14 19:38:31 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Tinky\Desktop\aswMBR.exe
[2011/05/14 18:58:08 | 000,002,046 | ---- | M] () -- C:\Users\Tinky\Desktop\Google Chrome.lnk
[2011/05/13 12:28:40 | 000,302,080 | ---- | M] () -- C:\Users\Tinky\Desktop\gmer.exe
[2011/05/13 12:22:46 | 000,293,775 | ---- | M] () -- C:\Users\Tinky\Desktop\gmer.zip
[2011/05/13 12:05:53 | 000,005,674 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120534.reg
[2011/05/13 12:04:54 | 000,004,518 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120448.reg
[2011/05/13 12:04:09 | 000,009,916 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120402.reg
[2011/05/12 15:46:03 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/12 15:46:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/12 15:46:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/12 15:46:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
[2011/05/11 14:29:41 | 000,000,756 | ---- | M] () -- C:\Users\Tinky\Desktop\µTorrent.lnk
[2011/05/09 21:04:48 | 000,082,400 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2011/05/09 13:00:33 | 000,050,477 | ---- | M] () -- C:\Users\Tinky\Desktop\Defogger.exe
[2011/05/05 09:52:59 | 000,004,286 | ---- | M] () -- C:\Users\Tinky\Documents\Document0001.cur
[2011/05/05 08:13:47 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2011/05/05 08:13:47 | 000,036,568 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2011/05/05 08:13:46 | 000,238,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2011/05/05 08:13:46 | 000,019,088 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2011/05/04 11:36:51 | 020,533,281 | ---- | M] () -- C:\Users\Tinky\Documents\vlc-1.1.9-win32.exe
[2011/05/02 12:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 12:10:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034742988-1206613618-1168055173-1000UA.job
[2011/05/02 08:46:51 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/01 19:03:09 | 000,000,018 | ---- | M] () -- C:\Windows\cmm.dat
[2011/05/01 18:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034742988-1206613618-1168055173-1000Core.job
[2011/04/30 09:24:54 | 000,001,079 | ---- | M] () -- C:\Users\Tinky\Desktop\Revo Uninstaller.lnk
[2011/04/30 07:52:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/29 21:51:53 | 000,002,529 | ---- | M] () -- C:\Users\Tinky\Desktop\HiJackThis.lnk
[2011/04/29 20:56:15 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tinky\Desktop\TDSSKiller.exe
[2011/04/27 21:53:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc051d2b681eeb.job
[2011/04/26 20:24:20 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/26 19:13:18 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/26 18:43:12 | 000,000,000 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011/04/26 11:29:18 | 000,068,292 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110426_112847.reg
[2011/04/25 10:03:15 | 001,395,387 | ---- | M] () -- C:\Users\Tinky\Documents\DSCF0282.jpg
[2011/04/25 07:14:21 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2011/04/21 16:57:09 | 000,006,774 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\.freeciv-client-rc-2.2
[2011/04/20 16:18:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/19 19:31:48 | 000,090,824 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110419_193123.reg
[2011/04/19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/04/18 20:54:04 | 002,203,680 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/16 20:57:26 | 000,001,916 | ---- | M] () -- C:\Users\Tinky\Desktop\Sophos Anti-Rootkit.lnk
[2011/04/16 20:37:06 | 000,323,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 17:52:15 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 16:04:14 | 000,390,554 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/04/16 15:13:54 | 000,000,043 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\1.gif
[2011/04/16 14:38:32 | 000,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2011/04/16 14:26:37 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml

========== Files Created - No Company Name ==========

[2011/05/16 11:45:33 | 000,000,917 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 11:44:56 | 000,000,737 | ---- | C] () -- C:\Users\Tinky\Desktop\NTREGOPT.lnk
[2011/05/16 11:44:56 | 000,000,718 | ---- | C] () -- C:\Users\Tinky\Desktop\ERUNT.lnk
[2011/05/16 11:08:52 | 000,000,000 | ---- | C] () -- C:\Users\Tinky\defogger_reenable
[2011/05/14 19:49:51 | 000,000,512 | ---- | C] () -- C:\Users\Tinky\Desktop\MBR.dat
[2011/05/13 12:22:46 | 000,293,775 | ---- | C] () -- C:\Users\Tinky\Desktop\gmer.zip
[2011/05/13 12:05:36 | 000,005,674 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120534.reg
[2011/05/13 12:04:52 | 000,004,518 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120448.reg
[2011/05/13 12:04:06 | 000,009,916 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120402.reg
[2011/05/11 14:29:40 | 000,000,756 | ---- | C] () -- C:\Users\Tinky\Desktop\µTorrent.lnk
[2011/05/09 13:00:32 | 000,050,477 | ---- | C] () -- C:\Users\Tinky\Desktop\Defogger.exe
[2011/05/05 09:52:59 | 000,004,286 | ---- | C] () -- C:\Users\Tinky\Documents\Document0001.cur
[2011/05/04 13:54:12 | 000,302,080 | ---- | C] () -- C:\Users\Tinky\Desktop\gmer.exe
[2011/05/04 11:36:24 | 020,533,281 | ---- | C] () -- C:\Users\Tinky\Documents\vlc-1.1.9-win32.exe
[2011/05/01 19:03:09 | 000,000,018 | ---- | C] () -- C:\Windows\cmm.dat
[2011/04/30 09:24:54 | 000,001,079 | ---- | C] () -- C:\Users\Tinky\Desktop\Revo Uninstaller.lnk
[2011/04/27 21:53:32 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc051d2b681eeb.job
[2011/04/26 19:13:18 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/26 18:43:12 | 000,000,000 | RH-- | C] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011/04/26 11:28:55 | 000,068,292 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110426_112847.reg
[2011/04/25 10:03:14 | 001,395,387 | ---- | C] () -- C:\Users\Tinky\Documents\DSCF0282.jpg
[2011/04/20 13:50:50 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/20 09:17:43 | 000,002,529 | ---- | C] () -- C:\Users\Tinky\Desktop\HiJackThis.lnk
[2011/04/19 19:31:35 | 000,090,824 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110419_193123.reg
[2011/04/18 20:53:28 | 002,203,680 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/16 20:57:26 | 000,001,916 | ---- | C] () -- C:\Users\Tinky\Desktop\Sophos Anti-Rootkit.lnk
[2011/04/16 17:52:15 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:13:54 | 000,000,043 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\1.gif
[2011/04/16 14:38:32 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/04/16 14:26:37 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/04/16 14:18:35 | 000,390,554 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/10/14 16:45:47 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/10/14 16:45:47 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/10/05 12:36:02 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010/09/16 14:08:59 | 000,673,280 | ---- | C] () -- C:\Windows\is-L89AD.exe
[2010/08/20 16:20:09 | 000,673,280 | ---- | C] () -- C:\Windows\is-2THAP.exe
[2010/08/17 11:21:50 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/08/16 15:41:54 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/16 15:41:54 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/16 14:36:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/05/29 16:45:21 | 000,001,057 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\vso_ts_preview.xml
[2010/05/29 16:43:56 | 000,087,608 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\inst.exe
[2010/05/29 16:43:56 | 000,007,887 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\pcouffin.cat
[2010/05/29 16:43:56 | 000,001,144 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\pcouffin.inf
[2010/03/31 16:29:17 | 000,006,774 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\.freeciv-client-rc-2.2
[2010/02/19 01:54:11 | 000,673,280 | ---- | C] () -- C:\Windows\is-CU3SV.exe
[2010/02/17 22:53:36 | 000,000,530 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/01 00:46:05 | 000,673,280 | ---- | C] () -- C:\Windows\is-6TB6E.exe
[2009/12/30 15:35:29 | 000,133,368 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/29 18:07:24 | 000,000,000 | ---- | C] () -- C:\Windows\SMM_HCEditor.INI
[2009/11/29 22:42:12 | 000,023,888 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\UserTile.png
[2009/11/17 19:41:22 | 000,000,335 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\burnaware.ini
[2009/11/05 18:31:39 | 000,000,089 | ---- | C] () -- C:\Windows\AudioDVD.INI
[2009/10/15 10:32:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/08 09:01:43 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2009/10/07 09:16:40 | 000,000,230 | ---- | C] () -- C:\Windows\reimage.ini
[2009/09/17 12:53:46 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2009/08/27 18:58:25 | 000,000,680 | ---- | C] () -- C:\Users\Tinky\AppData\Local\d3d9caps.dat
[2009/08/26 08:05:15 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/08/21 18:46:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/21 00:45:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/21 00:45:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/20 17:43:05 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/08/04 22:08:26 | 000,000,008 | ---- | C] () -- C:\Windows\SAGE.INI
[2009/08/04 10:17:19 | 000,000,512 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 14:55:43 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/02 14:55:43 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/02 07:27:11 | 000,056,320 | ---- | C] () -- C:\Users\Tinky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:39:20 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 21:38:11 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/26 01:06:30 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/12/26 01:06:30 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/12/26 01:06:30 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/11/18 18:47:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/11/18 18:47:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/11/18 18:17:48 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/11/18 18:09:12 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/11/18 18:09:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/11/18 17:43:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/18 17:03:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,323,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/24 08:18:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2003/09/24 08:18:14 | 000,155,648 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2003/09/24 08:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2003/09/24 08:16:48 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2003/09/24 08:16:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2003/09/24 08:16:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2003/09/24 08:16:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2003/09/24 08:16:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2003/09/24 08:16:12 | 000,241,664 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2003/09/24 08:15:54 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGLIST32.DLL
[2003/09/24 08:15:38 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SGTOOL32.DLL
[2003/09/24 08:15:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGINTL32.DLL
[2003/09/24 08:15:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDT32.DLL
[2003/09/24 08:15:24 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHELP32.DLL
[2003/09/24 08:15:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2003/09/24 08:15:16 | 000,151,552 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2003/09/24 08:15:02 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2003/09/24 08:15:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SGCOM32.DLL
[2003/08/11 10:07:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\REPDES32.EXE
[2003/08/11 10:07:36 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2003/08/11 10:03:26 | 001,581,056 | ---- | C] () -- C:\Windows\System32\SGREP32.DLL
[2003/08/02 10:34:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll
[2002/04/16 10:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

========== Files - Unicode (All) ==========
[2011/04/16 16:01:47 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/04/16 16:01:47 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

< End of report >

Edited by n01paranoid, 16 May 2011 - 03:15 PM.


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 16 May 2011 - 06:13 PM

Hello, n01paranoid.

We'll take out those Ask remnants.



Step 1

Please delete this file manually. I'm hesitant to script it out, since it's all in Unicode, so everything is a wildcard.

C:\Windows\System32\獷楬汢捯污






Step 2

You have remnants of McAfee on your computer. We'll clean that up using their tool.

  • Please download MCPR.exe from McAfee and save it to your desktop.
  • Right-click MCPR.exe and select Run as Administrator
  • After you get the CleanUp Successful message, please reboot.




Step 3

Your OpenOffice is out of date. Please launch OpenOffice and it should tell you there is an update (you're using 3.2; the current version is 3.3). If it doesn't pop up, look under Help; I think there's a Check for Updates option in the Help menu.




Step 4

We need to run an OTL script.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    [2010/09/24 10:04:15 | 000,000,909 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\conduit.xml
    [2010/02/14 23:50:39 | 000,000,266 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\Search.xml
    [2010/02/14 23:50:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{6406a529-3755-e4ac-0bed-1d0fe7829dbc}

  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done; please post that in your reply.
  • Please then create a new OTL report:
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open; copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
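Why Step 1 above is done by hand rather than scripted, as an added Python illustration (this is example code written for this page, not OTL's code or etavares's). The point is that a file name made of characters the system "ANSI" code page cannot represent collapses to question marks when a non-Unicode tool reads it, which is exactly the `?????` OTL printed beside the real name in its "Files - Unicode" section, and `?` is a single-character wildcard in Windows file matching. The directory listing here is constructed from System32 entries in the log, with one invented five-character name (`x.dat`) to show what such a wildcard would also hit; Windows-1252 as the ANSI code page is an assumption.

```python
import fnmatch

# Constructed sample listing: names taken from the System32 entries in the
# OTL log above, plus the invented five-character "x.dat".
SAMPLE_LISTING = ["獷楬汢捯污", "asdict.dat", "user_gensett.xml", "cmm.dat", "x.dat"]

# Assumed: Windows-1252, the usual ANSI code page on an English-locale Vista.
SYSTEM_CODEPAGE = "cp1252"


def ansi_form(name, codepage=SYSTEM_CODEPAGE):
    """What a non-Unicode (ANSI) tool sees: every character the code page
    cannot represent is replaced, and the replacement character is '?'."""
    return name.encode(codepage, errors="replace").decode(codepage)


def survives_ansi(name, codepage=SYSTEM_CODEPAGE):
    """True if the name round-trips through the code page unchanged."""
    return ansi_form(name, codepage) == name


def non_ansi_names(listing, codepage=SYSTEM_CODEPAGE):
    """Entries an ANSI-only scanner would misreport; this is the set OTL lists
    under 'Files - Unicode'."""
    return [n for n in listing if not survives_ansi(n, codepage)]


def wildcard_victims(name, listing, codepage=SYSTEM_CODEPAGE):
    """Every entry that a delete-by-ANSI-name would match, because '?' is a
    one-character wildcard and '*' a multi-character wildcard in wildcard-
    expanding Windows file matching (FindFirstFile, cmd.exe's del). Anything
    beyond the one intended file means the deletion must not be scripted."""
    pattern = ansi_form(name, codepage)
    if "?" not in pattern and "*" not in pattern:
        # No wildcard was introduced: an exact-name match is all that can happen.
        return [name] if name in listing else []
    return [n for n in listing
            if fnmatch.fnmatchcase(ansi_form(n, codepage), pattern)]


if __name__ == "__main__":
    target = "獷楬汢捯污"
    print("ANSI tools would see:", ansi_form(target))
    print("names that do not survive ANSI:", non_ansi_names(SAMPLE_LISTING))
    print("a scripted delete of that name would hit:",
          wildcard_victims(target, SAMPLE_LISTING))
```

Run against the constructed listing, the five-character name becomes `?????`, and a scripted delete keyed on that string would also take `x.dat`; that is the "everything is a wildcard" problem, and it is why a Unicode-aware shell or Explorer, which addresses the file by its real UTF-16 name, is the safe way to remove it.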
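As an added illustration of what the `:OTL` section of the Step 4 script does to Firefox's prefs.js (example code written for this page, not OTL's own implementation): prefs.js holds only the preferences that differ from Firefox's built-in defaults, so every `browser.search.*` entry in it is an override placed there by the user or by an installer, and the search-hijack check is simply to list those entries and the hosts they point at. The sample prefs.js is constructed from the entries quoted in the script plus two ordinary prefs that must survive; blanking each hijacked value to `""` and the wording of the report lines follow what the fix log in the next post shows, and are assumptions about OTL's behaviour beyond that.

```python
import re
from urllib.parse import urlparse

# One prefs.js entry: user_pref("name", value); where value is a quoted
# string, a boolean or an integer. Lines that do not match are left alone.
PREF_RE = re.compile(
    r'^user_pref\("(?P<name>[^"]+)",\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|true|false|-?\d+)\);\s*$'
)

# Constructed sample: the hijacked entries are the ones quoted in the OTL
# script above; the last two lines are ordinary prefs that must survive.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "Softonic-Eng7 Customized Web Search");
user_pref("browser.search.defaulturl", "http://flvdirect.iamwired.net/websearch.php?src=tops&search=");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "http://www.google.co.uk");
user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7");
"""


def parse_prefs(text):
    """Return [(name, raw_value), ...] for every user_pref line, in file order."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs.append((m.group("name"), m.group("value")))
    return prefs


def search_overrides(text):
    """Every browser.search.* entry. prefs.js stores only values that differ
    from Firefox's defaults, so each of these is a deliberate override."""
    return [(n, v) for n, v in parse_prefs(text) if n.startswith("browser.search.")]


def redirect_hosts(text):
    """Hosts the search overrides point at: the 'where does my search go' check."""
    hosts = set()
    for _, raw in search_overrides(text):
        if raw.startswith('"http'):
            host = urlparse(raw.strip('"')).hostname
            if host:
                hosts.add(host)
    return hosts


def clear_prefs(text, names):
    """Blank the named prefs (value -> "") and report each change in the
    wording the fix log uses. Unrelated lines are copied through unchanged."""
    names = set(names)
    out, messages = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group("name") in names:
            messages.append(f'Prefs.js: {m.group("value")} removed from {m.group("name")}')
            out.append(f'user_pref("{m.group("name")}", "");')
        else:
            out.append(line)
    return "\n".join(out) + "\n", messages


if __name__ == "__main__":
    targets = [n for n, _ in search_overrides(SAMPLE_PREFS)]
    print("search overrides point at:", sorted(redirect_hosts(SAMPLE_PREFS)))
    cleaned, report = clear_prefs(SAMPLE_PREFS, targets)
    print("\n".join(report))
    print(cleaned)
```

Firefox rewrites prefs.js on exit, so any real edit of this kind has to be made with the browser closed, which is one reason the fix script is followed by a reboot.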
 


#13 n01paranoid

n01paranoid
  • Topic Starter

  • Members
  • 189 posts
  • Gender:Male

Posted 17 May 2011 - 03:00 AM

Hi etavares

I've carried out the above instructions. That annoying Ask spyware seems to have gone at last.


There are two things I'd like to mention:

1. I've used and uninstalled many programs in the past such as Avast, AVG, Microsoft Security Essentials etc., and more recently ZoneAlarm and BitDefender free trial security suite. If there were remnants of these or other uninstalled programs would they have shown up in the logs?

2. If there was still any malware on my computer would it have shown up somewhere in the various scans and logs?


Anyway, here are my latest OTL logs:



OTL Run Fix log:

======= OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Softonic-Eng7 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://flvdirect.iamwired.net/websearch.php?src=tops&search=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
File C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\conduit.xml not found.
File C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\searchplugins\Search.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{6406a529-3755-e4ac-0bed-1d0fe7829dbc}\ not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_083317





OTL Run Scan log:

OTL logfile created on: 5/17/2011 8:45:37 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tinky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 34.79 Gb Free Space | 24.15% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 37.61 Gb Free Space | 26.77% Space Free | Partition Type: NTFS

Computer Name: TINKY-PC | User Name: Tinky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
PRC - [2011/05/10 06:19:03 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 21:04:29 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/04/27 08:21:02 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/16 22:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 10:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
MOD - [2011/05/05 08:13:47 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/09 21:04:29 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/27 08:21:02 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/19 23:27:22 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 21:04:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/05/05 08:13:47 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/05 08:13:46 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/09 00:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/29 18:59:19 | 000,050,944 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/08/21 20:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/08/05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/19 23:23:00 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/28 16:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 32 61 AF C9 12 CA 01 [binary data]
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.8.0.1

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 19:05:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 18:37:17 | 000,000,000 | ---D | M]

[2009/11/02 18:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Extensions
[2009/11/02 18:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/16 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions
[2011/05/16 14:24:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/23 17:50:00 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
[2011/05/16 14:24:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/17 20:13:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/05/14 10:04:30 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Firefox\Profiles\5nr4ta0g.default\extensions\keyscrambler@qfx.software.corporation
[2009/08/04 09:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tinky\AppData\Roaming\Mozilla\Sunbird\Profiles\9y2tt2z2.default\extensions
[2011/05/17 07:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/17 07:43:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/12 15:46:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/08/21 00:28:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/12 15:46:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - Startup: C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262710541940 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3034742988-1206613618-1168055173-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 07:50:24 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/05/17 07:45:59 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/17 07:43:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/17 07:43:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/17 07:43:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/16 12:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/16 11:57:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 11:51:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/16 11:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/16 11:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/14 19:38:31 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Tinky\Desktop\aswMBR.exe
[2011/05/14 10:04:47 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\QFX Software
[2011/05/14 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2011/05/14 10:04:13 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2011/05/14 10:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2011/05/14 10:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/13 12:28:39 | 000,000,000 | ---D | C] -- C:\Users\Tinky\Desktop\gmer
[2011/05/12 14:52:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
[2011/05/11 14:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/04 11:38:31 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\vlc
[2011/05/04 10:38:23 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{5A372336-C55B-476C-8D5D-419EB0D41846}
[2011/05/03 19:41:10 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\Stardock
[2011/05/03 19:40:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011/05/03 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/05/03 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\RealWorld
[2011/04/30 09:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/30 09:24:54 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/04/27 08:25:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 08:25:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 08:25:00 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/26 19:21:32 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{EB854AA9-4A31-44AA-A371-E2F47817C144}
[2011/04/26 19:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/25 09:23:59 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{4FEA6EB4-E19C-4CF9-B1F8-86C03CA8FEEE}
[2011/04/25 06:59:00 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/04/24 16:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/04/24 16:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/04/24 16:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/04/24 10:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2011/04/24 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\CheckPoint
[2011/04/24 08:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/04/24 08:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/04/23 11:51:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/04/20 17:10:11 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\PackageAware
[2011/04/20 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Avira
[2011/04/20 16:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/20 16:13:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/20 16:13:23 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/20 16:13:23 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/20 16:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/20 13:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/20 11:02:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2011/04/20 09:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/20 09:17:43 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/19 20:48:14 | 000,000,000 | ---D | C] -- C:\Users\Tinky\AppData\Local\{B4A45601-AB01-4B31-9982-E3B5A813D66C}
[2011/04/18 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/18 20:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/18 16:53:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/05/29 16:43:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tinky\AppData\Roaming\pcouffin.sys
[2008/11/18 17:05:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/05/17 08:46:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/17 08:46:31 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/17 08:42:05 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/17 08:39:48 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/17 08:39:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 08:39:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 08:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 08:06:41 | 000,325,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/17 07:50:25 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/05/17 07:37:45 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/16 11:45:33 | 000,000,917 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 11:44:56 | 000,000,737 | ---- | M] () -- C:\Users\Tinky\Desktop\NTREGOPT.lnk
[2011/05/16 11:44:56 | 000,000,718 | ---- | M] () -- C:\Users\Tinky\Desktop\ERUNT.lnk
[2011/05/16 11:44:09 | 000,056,320 | ---- | M] () -- C:\Users\Tinky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 11:08:52 | 000,000,000 | ---- | M] () -- C:\Users\Tinky\defogger_reenable
[2011/05/14 19:49:51 | 000,000,512 | ---- | M] () -- C:\Users\Tinky\Desktop\MBR.dat
[2011/05/14 19:38:31 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Tinky\Desktop\aswMBR.exe
[2011/05/14 18:58:08 | 000,002,046 | ---- | M] () -- C:\Users\Tinky\Desktop\Google Chrome.lnk
[2011/05/13 12:28:40 | 000,302,080 | ---- | M] () -- C:\Users\Tinky\Desktop\gmer.exe
[2011/05/13 12:22:46 | 000,293,775 | ---- | M] () -- C:\Users\Tinky\Desktop\gmer.zip
[2011/05/13 12:05:53 | 000,005,674 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120534.reg
[2011/05/13 12:04:54 | 000,004,518 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120448.reg
[2011/05/13 12:04:09 | 000,009,916 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110513_120402.reg
[2011/05/12 15:46:03 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/12 15:46:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/12 15:46:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/12 15:46:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/05/12 14:52:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tinky\Desktop\OTL.exe
[2011/05/11 14:29:41 | 000,000,756 | ---- | M] () -- C:\Users\Tinky\Desktop\µTorrent.lnk
[2011/05/09 21:04:48 | 000,082,400 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2011/05/09 13:00:33 | 000,050,477 | ---- | M] () -- C:\Users\Tinky\Desktop\Defogger.exe
[2011/05/05 09:52:59 | 000,004,286 | ---- | M] () -- C:\Users\Tinky\Documents\Document0001.cur
[2011/05/05 08:13:47 | 000,284,744 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2011/05/05 08:13:47 | 000,036,568 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2011/05/05 08:13:46 | 000,238,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2011/05/05 08:13:46 | 000,019,088 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2011/05/04 11:36:51 | 020,533,281 | ---- | M] () -- C:\Users\Tinky\Documents\vlc-1.1.9-win32.exe
[2011/05/02 12:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 12:10:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034742988-1206613618-1168055173-1000UA.job
[2011/05/01 19:03:09 | 000,000,018 | ---- | M] () -- C:\Windows\cmm.dat
[2011/05/01 18:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034742988-1206613618-1168055173-1000Core.job
[2011/04/30 09:24:54 | 000,001,079 | ---- | M] () -- C:\Users\Tinky\Desktop\Revo Uninstaller.lnk
[2011/04/30 07:52:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/29 21:51:53 | 000,002,529 | ---- | M] () -- C:\Users\Tinky\Desktop\HiJackThis.lnk
[2011/04/29 20:56:15 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tinky\Desktop\TDSSKiller.exe
[2011/04/27 21:53:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc051d2b681eeb.job
[2011/04/26 20:24:20 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/26 19:13:18 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/26 18:43:12 | 000,000,000 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011/04/26 11:29:18 | 000,068,292 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110426_112847.reg
[2011/04/25 10:03:15 | 001,395,387 | ---- | M] () -- C:\Users\Tinky\Documents\DSCF0282.jpg
[2011/04/25 07:14:21 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2011/04/21 16:57:09 | 000,006,774 | ---- | M] () -- C:\Users\Tinky\AppData\Roaming\.freeciv-client-rc-2.2
[2011/04/20 16:18:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/19 19:31:48 | 000,090,824 | ---- | M] () -- C:\Users\Tinky\Documents\cc_20110419_193123.reg
[2011/04/19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/04/18 20:54:04 | 002,203,680 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

========== Files Created - No Company Name ==========

[2011/05/17 07:50:25 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/05/16 11:45:33 | 000,000,917 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/16 11:44:56 | 000,000,737 | ---- | C] () -- C:\Users\Tinky\Desktop\NTREGOPT.lnk
[2011/05/16 11:44:56 | 000,000,718 | ---- | C] () -- C:\Users\Tinky\Desktop\ERUNT.lnk
[2011/05/16 11:08:52 | 000,000,000 | ---- | C] () -- C:\Users\Tinky\defogger_reenable
[2011/05/14 19:49:51 | 000,000,512 | ---- | C] () -- C:\Users\Tinky\Desktop\MBR.dat
[2011/05/13 12:22:46 | 000,293,775 | ---- | C] () -- C:\Users\Tinky\Desktop\gmer.zip
[2011/05/13 12:05:36 | 000,005,674 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120534.reg
[2011/05/13 12:04:52 | 000,004,518 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120448.reg
[2011/05/13 12:04:06 | 000,009,916 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110513_120402.reg
[2011/05/11 14:29:40 | 000,000,756 | ---- | C] () -- C:\Users\Tinky\Desktop\µTorrent.lnk
[2011/05/09 13:00:32 | 000,050,477 | ---- | C] () -- C:\Users\Tinky\Desktop\Defogger.exe
[2011/05/05 09:52:59 | 000,004,286 | ---- | C] () -- C:\Users\Tinky\Documents\Document0001.cur
[2011/05/04 13:54:12 | 000,302,080 | ---- | C] () -- C:\Users\Tinky\Desktop\gmer.exe
[2011/05/04 11:36:24 | 020,533,281 | ---- | C] () -- C:\Users\Tinky\Documents\vlc-1.1.9-win32.exe
[2011/05/01 19:03:09 | 000,000,018 | ---- | C] () -- C:\Windows\cmm.dat
[2011/04/30 09:24:54 | 000,001,079 | ---- | C] () -- C:\Users\Tinky\Desktop\Revo Uninstaller.lnk
[2011/04/27 21:53:32 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc051d2b681eeb.job
[2011/04/26 19:13:18 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/26 18:43:12 | 000,000,000 | RH-- | C] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011/04/26 11:28:55 | 000,068,292 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110426_112847.reg
[2011/04/25 10:03:14 | 001,395,387 | ---- | C] () -- C:\Users\Tinky\Documents\DSCF0282.jpg
[2011/04/20 13:50:50 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/20 09:17:43 | 000,002,529 | ---- | C] () -- C:\Users\Tinky\Desktop\HiJackThis.lnk
[2011/04/19 19:31:35 | 000,090,824 | ---- | C] () -- C:\Users\Tinky\Documents\cc_20110419_193123.reg
[2011/04/18 20:53:28 | 002,203,680 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/16 15:13:54 | 000,000,043 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\1.gif
[2011/04/16 14:38:32 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/04/16 14:18:35 | 000,390,554 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/10/14 16:45:47 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/10/14 16:45:47 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/10/05 12:36:02 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010/09/16 14:08:59 | 000,673,280 | ---- | C] () -- C:\Windows\is-L89AD.exe
[2010/08/20 16:20:09 | 000,673,280 | ---- | C] () -- C:\Windows\is-2THAP.exe
[2010/08/17 11:21:50 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/08/16 15:41:54 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/16 15:41:54 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/16 14:36:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/05/29 16:45:21 | 000,001,057 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\vso_ts_preview.xml
[2010/05/29 16:43:56 | 000,087,608 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\inst.exe
[2010/05/29 16:43:56 | 000,007,887 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\pcouffin.cat
[2010/05/29 16:43:56 | 000,001,144 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\pcouffin.inf
[2010/03/31 16:29:17 | 000,006,774 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\.freeciv-client-rc-2.2
[2010/02/19 01:54:11 | 000,673,280 | ---- | C] () -- C:\Windows\is-CU3SV.exe
[2010/02/17 22:53:36 | 000,000,530 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/01 00:46:05 | 000,673,280 | ---- | C] () -- C:\Windows\is-6TB6E.exe
[2009/12/30 15:35:29 | 000,133,368 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/29 18:07:24 | 000,000,000 | ---- | C] () -- C:\Windows\SMM_HCEditor.INI
[2009/11/29 22:42:12 | 000,023,888 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\UserTile.png
[2009/11/17 19:41:22 | 000,000,335 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\burnaware.ini
[2009/11/05 18:31:39 | 000,000,089 | ---- | C] () -- C:\Windows\AudioDVD.INI
[2009/10/15 10:32:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/08 09:01:43 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2009/10/07 09:16:40 | 000,000,230 | ---- | C] () -- C:\Windows\reimage.ini
[2009/09/17 12:53:46 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2009/08/27 18:58:25 | 000,000,680 | ---- | C] () -- C:\Users\Tinky\AppData\Local\d3d9caps.dat
[2009/08/26 08:05:15 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/08/21 18:46:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/21 00:45:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/21 00:45:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/20 17:43:05 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/08/04 22:08:26 | 000,000,008 | ---- | C] () -- C:\Windows\SAGE.INI
[2009/08/04 10:17:19 | 000,000,512 | ---- | C] () -- C:\Users\Tinky\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 14:55:43 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/02 14:55:43 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/02 07:27:11 | 000,056,320 | ---- | C] () -- C:\Users\Tinky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:39:20 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 21:38:11 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/26 01:06:30 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/12/26 01:06:30 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/12/26 01:06:30 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/11/18 18:47:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/11/18 18:47:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/11/18 18:17:48 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/11/18 18:09:12 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/11/18 18:09:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/11/18 18:09:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/11/18 17:43:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/18 17:03:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,325,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/24 08:18:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2003/09/24 08:18:14 | 000,155,648 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2003/09/24 08:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2003/09/24 08:16:48 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2003/09/24 08:16:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2003/09/24 08:16:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2003/09/24 08:16:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2003/09/24 08:16:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2003/09/24 08:16:12 | 000,241,664 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2003/09/24 08:15:54 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGLIST32.DLL
[2003/09/24 08:15:38 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SGTOOL32.DLL
[2003/09/24 08:15:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGINTL32.DLL
[2003/09/24 08:15:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDT32.DLL
[2003/09/24 08:15:24 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHELP32.DLL
[2003/09/24 08:15:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2003/09/24 08:15:16 | 000,151,552 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2003/09/24 08:15:02 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2003/09/24 08:15:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SGCOM32.DLL
[2003/08/11 10:07:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\REPDES32.EXE
[2003/08/11 10:07:36 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2003/08/11 10:03:26 | 001,581,056 | ---- | C] () -- C:\Windows\System32\SGREP32.DLL
[2003/08/02 10:34:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll
[2002/04/16 10:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

< End of report >




n01paranoid

Edited by n01paranoid, 17 May 2011 - 04:00 AM.


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:45 PM

Posted 17 May 2011 - 04:54 PM

Hello, n01paranoid.

Your logs appear clean, but we can never truly be 100% sure. If it's running well for you and the logs are clean...then that says you are likely clean. I am having you run another virus scan here to get a second opinion.



Step 1

Next, we need to remove old Java versions.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    J2SE Runtime Environment 5.0 Update 22
    J2SE Development Kit 5.0 Update 22
    Java™ SE Development Kit 6 Update 17
  • Reboot your computer once all Java components are removed.




Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
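Step 1 above asks the user to find every old Java install by eye in Add/Remove Programs. The script below is an added example, not etavares' instructions and not part of the original thread: it reads the same Uninstall registry keys that Add/Remove Programs lists, picks out the Sun/Oracle entries (assuming their usual "Java(TM)…" / "J2SE…" display names), and marks the highest version as the one to keep, so everything else can be checked against the list in the post before removal. It only reports; it does not uninstall anything. It is written for PowerShell 2.0 (the version available on Vista) or later, run as an administrator.

```powershell
# Added example (not from the thread): inventory installed Java components by
# reading the Uninstall keys that Add/Remove Programs is built from, and flag
# every entry except the newest so old, exploitable versions are easy to spot.
# Assumptions: Sun/Oracle installer naming ("Java(TM) 6 Update 25",
# "J2SE Runtime Environment 5.0 Update 22", "Java(TM) SE Development Kit 6 Update 17")
# and a DisplayVersion value that contains a dotted numeric version.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # 64-bit hosts only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'                # per-user installs
)

# Turn a DisplayVersion such as "6.0.250" or "1.5.0.220" into a comparable
# [version]; anything unparseable sorts first (i.e. is treated as oldest).
function ConvertTo-SortableVersion($text) {
    $clean = ("$text" -replace '[^\d.]', '').Trim('.')
    if ($clean -match '^\d+(\.\d+)+$') { return [version]$clean }
    if ($clean -match '^\d+$')         { return [version]"$clean.0" }
    return [version]'0.0'
}

$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString, PSChildName

if (-not $javaEntries) {
    Write-Output 'No Java components found in the Uninstall keys.'
    return
}

# Sort ascending by version; the last entry is the newest install.
$sorted = @($javaEntries | Sort-Object { ConvertTo-SortableVersion $_.DisplayVersion })
$newest = $sorted[-1]

$report = foreach ($entry in $sorted) {
    $isNewest = ($entry.PSChildName -eq $newest.PSChildName)
    New-Object PSObject -Property @{
        Status          = if ($isNewest) { 'KEEP (newest)' } else { 'OLD - review for removal' }
        DisplayName     = $entry.DisplayName
        DisplayVersion  = $entry.DisplayVersion
        InstallLocation = $entry.InstallLocation
        UninstallString = $entry.UninstallString   # what Add/Remove Programs would run
    }
}

$report | Format-Table Status, DisplayName, DisplayVersion, InstallLocation -AutoSize

# A second, independent check: the O16 entries in the OTL/HijackThis log point
# at jinstall-*.cab plug-ins. The corresponding on-disk runtimes live under
# Program Files\Java; list them so leftovers without an Uninstall entry show up too.
$javaRoots = @("$env:ProgramFiles\Java")
if ($env:ProgramW6432) { $javaRoots += "$env:ProgramW6432\Java" }
foreach ($root in $javaRoots) {
    if (Test-Path $root) {
        Write-Output "`nRuntime folders under $root (compare against the list above):"
        Get-ChildItem $root | Where-Object { $_.PSIsContainer } | Select-Object -ExpandProperty Name
    }
}
```

The "newest" marker is only a version comparison across whatever the installers wrote into DisplayVersion, so treat it as a shortlist for the manual step in the post, not as an instruction to remove; a JDK and a JRE of the same update level will both appear, and the post's list names which of those to take out.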
 


#15 n01paranoid

n01paranoid
  • Topic Starter

  • Members
  • 189 posts
  • Gender:Male
  • Local time:07:45 PM

Posted 18 May 2011 - 04:56 AM

Hi etavares

Step 1

I sure had a lot of versions of Java. I've uninstalled all of them except for Java TM6 Update 25.

I read on one of your forums there were serious security issues with an older version of Adobe Download Manager (pre February 2010) which I hadn't updated, so I uninstalled that as well.


Steps 2 and 3

The MBAM and ESET scans found no threats (no ESET log available).



MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6608

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/18/2011 10:48:58 AM
mbam-log-2011-05-18 (10-48-58).txt

Scan type: Quick scan
Objects scanned: 159676
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


n01paranoid

Edited by n01paranoid, 18 May 2011 - 05:13 AM.




