
Redirect Virus - Tried everything


  • This topic is locked
3 replies to this topic

#1 Paryzo


Posted 27 July 2011 - 03:30 AM

Hi, I'm new to this forum and I need some serious help getting rid of the redirect virus which has been driving me crazy for about 3 days.

I have read a lot of topics and posts about it, following instructions, downloading this, scanning and checking this. Unfortunately, none of them seemed to work, so I decided to create an account and post this.

This is what I have tried + Logs.

Here is my current hosts file.
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

#############################
Internet & Networking options
#############################

(LAN) Settings -
Proxy server - Un-checked
Automatic configuration script - Un-checked
Automatically detect settings - Un-checked

Internet security level - Medium/High

[Network Connections]

This connection uses the following items -
ALL checked.

Internet protocol version 4 (TCP/IPv4)

Obtain IP address automatically - Checked
Use the following IP address - Un-checked

Obtain DNS server automatically - Checked
Use the following DNS server - Un-checked

Internet protocol version 6 (TCP/IPv6)

Obtain IP address automatically - Checked
Use the following IP address - Un-checked

Obtain DNS server automatically - Checked
Use the following DNS server - Un-checked


######## Scan Results ########

- TDSSKiller

Nothing Found.
*Could not locate a log*


- GooredFix

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:19 on 26/07/2011 (Julie Merkouris)
Firefox version 5.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:00 16/05/2011]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [11:29 20/02/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [17:38 08/07/2009]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [21:06 05/04/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [18:10 06/07/2011]

C:\Users\Julie Merkouris\Application Data\Mozilla\Firefox\Profiles\uok3hjwm.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [15:40 04/09/2009]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [20:42 11/05/2011]
{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [15:53 06/11/2008]
{E9A1DEE0-C623-4439-8932-001E7D17607D} [19:07 05/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:00 10/03/2009]

---------- Old Logs ----------
GooredFix[19.06.07_26-07-2011].txt

-=E.O.F=-

- MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Gigabyte Technology Co., Ltd.
BIOS Manufacturer:		Award Software International, Inc.
System Manufacturer:		Gigabyte Technology Co., Ltd.
System Product Name:		P35-DS3L
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 151):
  0x82A02000 \SystemRoot\system32\ntkrnlpa.exe
  0x82DBC000 \SystemRoot\system32\hal.dll
  0x80609000 \SystemRoot\system32\kdcom.dll
  0x80610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80680000 \SystemRoot\system32\PSHED.dll
  0x80691000 \SystemRoot\system32\BOOTVID.dll
  0x80699000 \SystemRoot\system32\CLFS.SYS
  0x806DA000 \SystemRoot\system32\CI.dll
  0x8840D000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x88489000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x88496000 \SystemRoot\system32\drivers\acpi.sys
  0x884DC000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x884E5000 \SystemRoot\system32\drivers\msisadrv.sys
  0x884ED000 \SystemRoot\system32\drivers\pci.sys
  0x88514000 \SystemRoot\System32\drivers\partmgr.sys
  0x88523000 \SystemRoot\system32\drivers\volmgr.sys
  0x88532000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8857C000 \SystemRoot\system32\drivers\pciide.sys
  0x88583000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x88591000 \SystemRoot\System32\drivers\mountmgr.sys
  0x885A1000 \SystemRoot\system32\drivers\atapi.sys
  0x885A9000 \SystemRoot\system32\drivers\ataport.SYS
  0x885C7000 \SystemRoot\system32\drivers\fltmgr.sys
  0x807BA000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8860F000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x88680000 \SystemRoot\system32\drivers\ndis.sys
  0x8878B000 \SystemRoot\system32\drivers\msrpc.sys
  0x887B6000 \SystemRoot\system32\drivers\NETIO.SYS
  0x88804000 \SystemRoot\System32\drivers\tcpip.sys
  0x888EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x88A0C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x88B1C000 \SystemRoot\system32\drivers\volsnap.sys
  0x88B55000 \SystemRoot\System32\Drivers\spldr.sys
  0x88B5D000 \SystemRoot\system32\speedfan.sys
  0x88B5F000 \SystemRoot\System32\Drivers\mup.sys
  0x88B6E000 \SystemRoot\system32\giveio.sys
  0x88B6F000 \SystemRoot\System32\drivers\ecache.sys
  0x88B96000 \SystemRoot\system32\drivers\disk.sys
  0x88BA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x88BC8000 \SystemRoot\system32\drivers\crcdisk.sys
  0x88BF1000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x88A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x88909000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8D40E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8DE3B000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x8DE3F000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8DEDF000 \SystemRoot\System32\drivers\watchdog.sys
  0x8DEEB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8DEF6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8DF34000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8DF43000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8DFD0000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8DFE8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x88918000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8893E000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8DFEE000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x88958000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8D400000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
  0x88970000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8899F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x889E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8DFF8000 \SystemRoot\system32\DRIVERS\vcsvad.sys
  0x807CA000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x8EA03000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x8EA28000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EA52000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EA69000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8EA74000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EA97000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8EAA6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EABA000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EACF000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x8EAD4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8EAE4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8EAEF000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8EAFA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EAFC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8EB06000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EB13000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EB48000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8E80C000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8E9BB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8E9C4000 \SystemRoot\System32\Drivers\Null.SYS
  0x8E9CB000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8E9D2000 \SystemRoot\system32\DRIVERS\ehdrv.sys
  0x8E9F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8E800000 \SystemRoot\System32\drivers\vga.sys
  0x8EB6C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E9EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8EB8D000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8EB95000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8EBA0000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8EBAE000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8EBB7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8EBCD000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8E609000 \SystemRoot\system32\drivers\afd.sys
  0x8E651000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8E683000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8E699000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8E6A7000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8E6BA000 \SystemRoot\System32\Drivers\SCDEmu.SYS
  0x8E6C7000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8E703000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E70D000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E724000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8E72D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8E73D000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E73F000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8E747000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8E75E000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8E770000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8E779000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8E786000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8E791000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xA3C90000 \SystemRoot\System32\win32k.sys
  0x8E799000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8E7A3000 \SystemRoot\system32\DRIVERS\monitor.sys
  0xA3EB0000 \SystemRoot\System32\TSDDD.dll
  0xA3ED0000 \SystemRoot\System32\cdd.dll
  0xA3EE0000 \SystemRoot\System32\ATMFD.DLL
  0x8E7B2000 \SystemRoot\system32\drivers\luafv.sys
  0xA7008000 \SystemRoot\system32\DRIVERS\eamon.sys
  0xA70C4000 \SystemRoot\system32\DRIVERS\epfw.sys
  0xA70EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA70FF000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA7129000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA7133000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA7146000 \SystemRoot\system32\drivers\spsys.sys
  0xA840F000 \SystemRoot\system32\drivers\HTTP.sys
  0xA847C000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA8495000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA84AA000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA84CB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA84EA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA8523000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA853B000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA8542000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
  0xA8E07000 \SystemRoot\system32\drivers\peauth.sys
  0xA8EE5000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA8EEF000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA8F0C000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA8F18000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA8F40000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA8F8F000 \??\C:\Program Files\MSI Afterburner\RTCore32.sys
  0xA8F91000 \SystemRoot\system32\drivers\tdtcp.sys
  0xA8F9C000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA8FA8000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0xA8FB1000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xA8FE4000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA8FFA000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x775F0000 \Windows\System32\ntdll.dll

Processes (total 68):
       0 System Idle Process
       4 SYSTEM
     540 C:\Windows\System32\smss.exe
     620 csrss.exe
     664 C:\Windows\System32\wininit.exe
     684 csrss.exe
     716 C:\Windows\System32\services.exe
     736 C:\Windows\System32\lsass.exe
     748 C:\Windows\System32\lsm.exe
     812 C:\Windows\System32\winlogon.exe
     920 C:\Windows\System32\svchost.exe
     964 C:\Windows\System32\nvvsvc.exe
    1000 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1288 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    1300 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\SLsvc.exe
    1412 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\svchost.exe
    1500 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1516 C:\Windows\System32\nvvsvc.exe
    1732 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    1920 C:\Windows\System32\dwm.exe
    1964 C:\Windows\explorer.exe
     372 C:\Windows\System32\spoolsv.exe
     396 C:\Windows\System32\taskeng.exe
     548 C:\Windows\System32\svchost.exe
     912 C:\Windows\System32\rundll32.exe
    1204 C:\Windows\System32\taskeng.exe
    1420 C:\Program Files\MSI Afterburner\MSIAfterburner.exe
    1616 C:\Windows\System32\taskeng.exe
     608 C:\Windows\System32\svchost.exe
     904 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1852 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    1620 C:\Windows\System32\FsUsbExService.Exe
    1832 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    1084 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2112 C:\Windows\System32\PnkBstrA.exe
    2132 C:\Windows\System32\svchost.exe
    2148 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2180 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2236 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2304 C:\Windows\System32\svchost.exe
    2340 C:\Windows\System32\svchost.exe
    2368 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2416 C:\Windows\System32\SearchIndexer.exe
    2844 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3284 C:\Windows\RtHDVCpl.exe
    3456 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    3468 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3760 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3848 C:\Windows\System32\wbem\unsecapp.exe
    3928 WmiPrvSE.exe
    4004 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1796 dllhost.exe
    3508 C:\Windows\System32\svchost.exe
    3740 C:\Windows\System32\wuauclt.exe
     916 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    5732 C:\Program Files\Mozilla Firefox\firefox.exe
    4212 C:\Program Files\ESET\ESET Smart Security\egui.exe
    3688 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5084 C:\Windows\System32\notepad.exe
    5016 <unknown>
    3608 <unknown>
    5796 C:\Users\Julie Merkouris\Downloaded Files\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`b1e00000  (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3320820AS, Rev: 3.AAE   

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

- OTL Scan

OTL logfile created on: 27/07/2011 08:26:58 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Julie Merkouris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.09% Memory free
4.24 Gb Paging File | 3.04 Gb Available in Paging File | 71.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.78 Gb Total Space | 20.74 Gb Free Space | 20.18% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 40.20 Gb Free Space | 20.58% Space Free | Partition Type: NTFS
 
Computer Name: JULIEMERKOUR-PC | User Name: Julie Merkouris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/07/27 08:25:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Julie Merkouris\Desktop\OTL.exe
PRC - [2011/07/08 08:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/15 12:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe
PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/20 10:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/15 09:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/04/11 07:27:38 | 003,097,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 15:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 15:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2007/04/23 08:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/07/27 08:25:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Julie Merkouris\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] --  -- (getPlus(R) Helper) getPlus(R)
SRV - File not found [Auto | Stopped] --  -- (Bonjour Service)
SRV - File not found [Auto | Stopped] --  -- (ASKUpgrade)
SRV - [2011/07/20 16:58:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/07/20 16:58:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/07/13 19:52:59 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/23 00:33:58 | 003,435,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/20 10:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/15 09:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/02/06 15:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 15:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/09 12:46:24 | 000,410,976 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/16 06:06:24 | 000,062,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Cheat Engine 6\dbk32.sys -- (CEDRIVER60)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/31 11:39:58 | 000,017,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XENfiltv.sys -- (XENfiltv)
DRV - [2009/07/15 09:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/15 11:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/06 15:24:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/02/06 15:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 15:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 15:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 15:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/09/15 07:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 07:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/03 17:14:16 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/15 17:28:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/31 09:01:16 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/25 04:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)
DRV - [2001/12/17 12:25:58 | 000,015,417 | ---- | M] (Scientific Atlanta) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WebSTAR.sys -- (WebSTARNdis)
DRV - [2001/05/07 11:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) TrashTalk Drivers (usbio.sys)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 A0 CE 8D 64 E8 CB 01  [binary data]
IE - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Julie Merkouris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/26 22:33:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:05:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/03/04 00:01:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/08/19 17:13:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox
 
[2008/06/28 20:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Extensions
[2011/06/28 15:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\extensions
[2009/09/04 16:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/11 21:42:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008/11/06 16:53:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/07/05 20:07:19 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/11/14 09:17:11 | 000,002,163 | ---- | M] () -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\searchplugins\bing.xml
[2008/09/06 22:23:31 | 000,001,295 | ---- | M] () -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\searchplugins\ebaycouk-mis-spellings.xml
[2008/11/02 01:55:20 | 000,002,108 | ---- | M] () -- C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Profiles\uok3hjwm.default\searchplugins\youtube-video-search.xml
[2011/07/26 22:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 22:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/06 19:10:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\JULIE MERKOURIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UOK3HJWM.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2011/07/08 08:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/07/25 16:20:39 | 000,000,795 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 				activate.adobe.com
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6308.1122\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [XboxStat]  File not found
O4 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-723309260-2270040498-1944116987-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-723309260-2270040498-1944116987-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Free YouTube Download - C:\Users\Julie Merkouris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Julie Merkouris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -  File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -  File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -  File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -  File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -  File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Julie Merkouris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/05 19:34:55 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{df4b8e0c-8095-11dc-ab55-001a4d4e8a1e}\Shell\AutoRun\command - "" = F:\cpuz.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-723309260-2270040498-1944116987-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator
[2011/07/27 08:25:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Julie Merkouris\Desktop\OTL.exe
[2011/07/26 22:21:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/26 22:21:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/26 22:21:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/26 22:21:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/26 22:21:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/26 22:21:20 | 000,000,000 | --SD | C] -- \ComboFix
[2011/07/26 22:19:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/26 22:19:24 | 000,000,000 | ---D | C] -- \Qoobox
[2011/07/26 21:23:58 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Desktop\Logs
[2011/07/26 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Desktop\GooredFix Backups
[2011/07/25 16:40:28 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011/07/25 16:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSI Afterburner
[2011/07/25 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2011/07/25 16:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/07/25 16:01:14 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Desktop\Utorrent
[2011/07/25 12:57:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/07/25 12:53:25 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/07/25 12:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011/07/25 12:45:13 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\DAEMON Tools Net
[2011/07/25 12:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Net
[2011/07/25 10:43:20 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Desktop\VPKtool
[2011/07/25 10:18:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/07/25 10:18:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/07/25 10:18:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/07/25 10:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/07/25 10:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/07/25 10:17:38 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/07/25 09:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\TrueTransparency
[2011/07/25 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Vista Rainbar
[2011/07/22 00:56:28 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2011/07/22 00:55:59 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\WindSolutions
[2011/07/22 00:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011/07/21 23:30:07 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Documents\Unnamed Site 2
[2011/07/21 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Documents\Amnesia
[2011/07/21 18:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2011/07/21 18:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Amnesia - The Dark Descent
[2011/07/20 18:32:19 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\New Folder
[2011/07/20 16:58:32 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/07/20 16:58:29 | 002,902,496 | ---- | C] (Creative) -- C:\Windows\System32\Sens_oal.dll
[2011/07/20 16:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2011/07/20 16:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/07/19 14:15:32 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/07/19 14:15:25 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/07/19 14:15:25 | 000,000,000 | ---D | C] -- \Fraps
[2011/07/18 12:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011/07/18 12:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/07/17 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Local\Apps
[2011/07/17 10:16:50 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Local\Deployment
[2011/07/13 02:31:42 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\.minecraft
[2011/07/12 21:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity NEW
[2011/07/09 03:09:02 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Local\VS Revo Group
[2011/07/09 03:08:59 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/07/09 03:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/07/09 03:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/07/08 22:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
[2011/07/08 22:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\VTFEdit
[2011/07/06 16:44:00 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StudioCompiler
[2011/07/06 16:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioCompiler
[2011/07/05 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Local\Autodesk
[2011/07/05 20:12:21 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Documents\Inventor Server x86 Autodesk 3ds Max 2012 32-bit - English
[2011/07/05 20:10:15 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Documents\3dsMax
[2011/07/05 20:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/07/05 20:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/07/05 20:00:43 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Autodesk
[2011/07/05 20:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/07/05 19:34:55 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/07/05 19:34:55 | 000,000,000 | ---D | C] -- \Autodesk
[2011/07/05 17:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/07/05 17:13:00 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Wings3D
[2011/07/04 19:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/07/04 19:55:27 | 000,000,000 | ---D | C] -- C:\Python27
[2011/07/04 19:55:27 | 000,000,000 | ---D | C] -- \Python27
[2011/07/04 19:43:58 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Blender Foundation
[2011/07/04 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2011/07/01 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Local\Nem's Tools
[2011/07/01 19:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCFScape
[2011/07/01 19:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\GCFScape
[2011/07/01 18:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GhostMouse
[2011/07/01 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\GhostMouse
[2011/07/01 00:29:19 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice Changer Software DIAMOND
[2011/07/01 00:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\AV Vcs 7.0 DIAMOND
[2011/06/29 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Julie Merkouris\Darkstorm
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/27 08:25:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Julie Merkouris\Desktop\OTL.exe
[2011/07/27 06:34:15 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/27 06:34:14 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/27 06:32:43 | 000,000,330 | -HS- | M] () -- C:\Windows\tasks\XKUAIIJBMA.job
[2011/07/27 06:32:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/26 22:33:56 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/26 22:23:42 | 000,001,757 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Windows Defender.lnk
[2011/07/26 12:39:55 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/25 17:14:43 | 000,066,048 | RHS- | M] () -- C:\Windows\System32\dllhst3g8.dll
[2011/07/25 16:57:12 | 002,190,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/25 16:06:26 | 342,050,816 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Adobe Dreamweaver CS5.iso
[2011/07/25 13:06:53 | 004,381,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/25 13:06:53 | 002,018,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/25 12:53:25 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/07/25 10:33:43 | 000,151,552 | ---- | M] () -- C:\Windows\System32\nvRegDev.dll
[2011/07/25 10:19:45 | 000,000,200 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/07/25 10:19:19 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/07/25 10:17:58 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/07/25 09:37:49 | 006,912,054 | ---- | M] () -- C:\Windows\clwcp.bmp
[2011/07/24 22:47:16 | 002,162,956 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\PyroDance.gif
[2011/07/24 21:27:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/24 21:26:29 | 000,148,992 | ---- | M] () -- C:\Users\Julie Merkouris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/23 19:13:07 | 000,000,034 | ---- | M] () -- C:\Users\Julie Merkouris\jagex_runescape_preferences.dat
[2011/07/23 19:12:46 | 000,000,129 | ---- | M] () -- C:\Users\Julie Merkouris\jagex_runescape_preferences2.dat
[2011/07/21 18:53:53 | 000,001,975 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Amnesia.lnk
[2011/07/21 18:16:46 | 000,912,941 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Epic Fail.gif
[2011/07/20 16:58:42 | 000,000,304 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011/07/20 16:58:32 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/07/19 14:15:32 | 000,000,524 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Fraps.lnk
[2011/07/13 02:31:32 | 000,270,142 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Minecraft.exe
[2011/07/09 03:08:59 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/07/08 22:25:01 | 000,000,738 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\VTFEdit.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/01 20:24:09 | 000,098,280 | ---- | M] () -- C:\Users\Julie Merkouris\Documents\rec_VcsCore_20-23-58.mp3
[2011/07/01 19:07:40 | 000,000,804 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\GCFScape.lnk
[2011/07/01 00:29:29 | 000,001,033 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Voice Changer 7.0 Diamond.lnk
[2011/06/30 07:41:13 | 000,000,228 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Team Fortress 2.url
[2011/06/30 07:34:50 | 000,000,796 | ---- | M] () -- C:\Users\Julie Merkouris\Desktop\Steam.lnk
 
========== Files Created - No Company Name ==========
 
[2011/07/26 22:33:56 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/26 22:33:56 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/26 22:23:42 | 000,001,757 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Windows Defender.lnk
[2011/07/26 22:21:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/26 22:21:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/26 22:21:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/26 22:21:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/26 22:21:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/26 12:39:55 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/25 17:22:32 | 000,001,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk
[2011/07/25 17:21:13 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.exe.lnk
[2011/07/25 17:21:06 | 000,001,348 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/07/25 17:20:33 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/07/25 17:14:43 | 000,066,048 | RHS- | C] () -- C:\Windows\System32\dllhst3g8.dll
[2011/07/25 17:14:43 | 000,000,330 | -HS- | C] () -- C:\Windows\tasks\XKUAIIJBMA.job
[2011/07/25 16:40:28 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011/07/25 16:01:14 | 342,050,816 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Adobe Dreamweaver CS5.iso
[2011/07/25 10:33:51 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/07/25 10:18:58 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/07/25 10:18:52 | 000,000,200 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/07/25 10:17:58 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/07/25 09:37:49 | 000,017,025 | ---- | C] () -- C:\Windows\System32\vilang.sif
[2011/07/25 09:37:48 | 000,184,142 | ---- | C] () -- C:\Windows\System32\vilaunch.exe
[2011/07/24 22:46:33 | 002,162,956 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\PyroDance.gif
[2011/07/21 18:53:53 | 000,001,975 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Amnesia.lnk
[2011/07/21 18:16:20 | 000,912,941 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Epic Fail.gif
[2011/07/20 19:06:16 | 000,000,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2011/07/20 16:58:37 | 000,182,272 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011/07/20 16:58:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011/07/19 14:15:32 | 000,000,524 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Fraps.lnk
[2011/07/13 02:31:27 | 000,270,142 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Minecraft.exe
[2011/07/09 03:08:59 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/07/08 22:25:01 | 000,000,738 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\VTFEdit.lnk
[2011/07/01 20:24:02 | 000,098,280 | ---- | C] () -- C:\Users\Julie Merkouris\Documents\rec_VcsCore_20-23-58.mp3
[2011/07/01 19:07:40 | 000,000,804 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\GCFScape.lnk
[2011/07/01 00:29:29 | 000,001,033 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Voice Changer 7.0 Diamond.lnk
[2011/06/30 07:31:33 | 000,000,796 | ---- | C] () -- C:\Users\Julie Merkouris\Desktop\Steam.lnk
[2011/06/02 18:25:12 | 000,109,516 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/24 21:33:21 | 000,570,244 | ---- | C] () -- \Clock eye.jpg
[2011/05/08 11:59:28 | 000,000,694 | -H-- | C] () -- \os604495.bin
[2011/05/07 10:27:59 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe
[2011/05/07 10:27:59 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe
[2011/05/07 10:27:58 | 000,517,120 | ---- | C] () -- C:\Windows\System32\CLWCP.exe
[2011/05/07 10:27:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\moveex.exe
[2011/05/01 17:00:01 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2011/04/10 20:15:36 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/04/10 20:15:34 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/04 15:24:48 | 000,011,176 | -HS- | C] () -- C:\Users\Julie Merkouris\AppData\Local\l8h6k22165o6e645bt4xcs1558h
[2011/04/01 00:59:33 | 000,015,054 | -HS- | C] () -- C:\Users\Julie Merkouris\AppData\Local\7a3d8u8784tdd04w7i4a1pj
[2011/03/31 08:59:24 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2010/11/04 08:01:46 | 000,032,434 | ---- | C] () -- C:\Windows\System32\xfiXEN.ini
[2010/04/07 22:37:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/06 22:23:49 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010/04/06 20:39:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/04/06 20:39:50 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/09/14 08:06:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/14 08:06:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/08 18:47:12 | 000,000,085 | ---- | C] () -- C:\Users\Julie Merkouris\AppData\Roaming\RSBot Accounts.ini
[2009/06/18 22:57:34 | 000,003,167 | ---- | C] () -- C:\Users\Julie Merkouris\AppData\Roaming\NMM-MetaData.db
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/23 16:16:23 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/22 03:22:51 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/07/28 20:25:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/23 17:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/29 14:02:23 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2008/05/29 14:02:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2008/05/29 14:02:23 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/05/14 16:07:14 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/03/14 17:59:47 | 000,000,110 | ---- | C] () -- C:\Windows\GMouse.ini
[2008/03/14 17:59:19 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/03/14 17:59:19 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OnlineScannerUninstaller.exe
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/10/22 12:59:02 | 000,148,992 | ---- | C] () -- C:\Users\Julie Merkouris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/14 19:22:30 | 000,031,007 | ---- | C] () -- C:\Users\Julie Merkouris\AppData\Roaming\UserTile.png
[2007/10/11 21:22:19 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2007/10/11 21:22:18 | 000,383,200 | RHS- | C] () -- \bootmgr
[2007/10/11 13:30:55 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2007/10/11 12:33:58 | 000,000,680 | ---- | C] () -- C:\Users\Julie Merkouris\AppData\Local\d3d9caps.dat
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 002,190,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 004,381,194 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 002,018,678 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/07/13 02:33:19 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\.minecraft
[2011/05/16 13:14:22 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Ableton
[2011/05/03 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Acoustica
[2008/12/25 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Any Flv Converter
[2010/01/05 12:49:18 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Atari
[2011/07/21 11:25:15 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Audacity
[2011/07/05 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Autodesk
[2011/05/02 18:19:02 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Avnex
[2009/07/26 17:43:49 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Bioshock
[2011/07/04 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Blender Foundation
[2011/04/29 22:47:44 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Canon
[2011/01/02 11:19:05 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Celemony Software GmbH
[2011/06/20 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/01/24 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Crayon Physics Deluxe
[2009/04/12 01:30:16 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\DAEMON Tools
[2009/04/12 01:31:01 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\DAEMON Tools Lite
[2011/07/25 12:45:13 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\DAEMON Tools Net
[2011/07/25 12:48:51 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\DAEMON Tools Pro
[2008/04/22 07:27:07 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\DataLayer
[2008/12/31 14:57:52 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Datel
[2011/05/12 18:53:01 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/03/04 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\ESET
[2010/09/19 14:33:00 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\GameTuts
[2011/05/08 11:44:15 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\GetRightToGo
[2011/02/22 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\godzHell
[2011/03/30 17:58:22 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Guitar Pro 6
[2008/05/29 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\KALiNKOsoft
[2011/06/10 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Lionhead Studios
[2011/02/17 14:58:37 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\LolClient
[2011/06/26 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Magnifier
[2011/04/05 22:31:45 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\minecraft-server
[2011/07/26 19:37:50 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Mumble
[2009/06/25 10:02:33 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Nokia
[2011/04/20 13:31:41 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Notepad++
[2009/05/08 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\PC Suite
[2007/10/14 19:22:30 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\PeerNetworking
[2009/02/13 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Publish Providers
[2011/04/10 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\PunkBuster
[2008/11/08 19:49:24 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Red Alert 3
[2010/04/06 20:39:40 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Samsung
[2011/05/31 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Screaming Bee
[2010/01/02 11:17:09 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\ScripterRon
[2011/05/07 11:12:55 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\SeriousBit
[2009/02/16 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Sony
[2011/05/03 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\SynthMaker
[2011/05/07 10:59:25 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\TuneUp Software
[2011/05/16 16:36:07 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Unity
[2011/07/25 16:38:30 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\uTorrent
[2011/07/26 13:10:54 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\ViStart
[2011/07/22 01:04:28 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\WindSolutions
[2011/07/05 17:13:00 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Wings3D
[2011/02/24 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\Julie Merkouris\AppData\Roaming\Youtube Downloader HD
[2011/07/26 22:42:22 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/27 06:32:43 | 000,000,330 | -HS- | M] () -- C:\Windows\Tasks\XKUAIIJBMA.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0CB6E0BD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F8662B30
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

- Mbam Log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7286

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

26/07/2011 22:18:48
mbam-log-2011-07-26 (22-18-48).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have also tried scanning with Eset & Ad-Aware but both came out with positive results.
I cannot find the logs though :@

Can anybody suggest what to do? I have tried almost everything but I haven't got any closer to getting rid of it.

Thanks a lot,
Paryzo.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 01 August 2011 - 12:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 04 August 2011 - 01:48 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 07 August 2011 - 02:27 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



