
Help :D [Solved]


  • This topic is locked

#1
Diz187
    Member
  • 27 posts
OK so one time I was surfing the net on Google Chrome, then suddenly Windows Defender got switched off and all [bleep] broke loose. At first I didn't think anything had happened, then Chrome stopped working and I got random pop-ups on IE.

I eventually saw

Qto.exe
Qmapec.exe

in Task Manager and each time I deleted the process they kept starting up. So I emptied the temp folder in which the file was. I then installed AVG and started on getting my system back up to speed. This involved numerous scans from Trend's HouseCall, Spybot, windows-kb890830-v3.6, Ad-Aware 2007, IObit Security, and lastly the AVG scan.

Then I did everything on the Malware-Spyware-Cleaning-Guide and I've got rid of a lot of infections.

The only thing now is every 30 minutes to an hour I get a random pop-up on Firefox to some .php site.

And if you follow this link, my connections on my network or something is infected?
http://i43.tinypic.com/14t7ods.jpg
If anyone has any advice they could give, it would be much appreciated.

Thanks in advance
Diz


#2
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
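The OTL scan SweetTech asks for above produces OTL.txt, and the helper's job is then to read a few hundred lines of it for the handful of entries that matter. As an added example for readers of this thread, and not part of the thread, of OTL, or of any tool the helpers use, here is a small Python script that applies some of those eyeball checks to an OTL log: dead O4 autostarts ("File not found"), processes and autostarts running from Temp or AppData, O6 UAC policy values that disable or silence elevation prompts, orphaned O2/O3 browser entries, and O1 HOSTS lines that point somewhere other than loopback. The sample lines embedded in it are constructed for the example: most are copied from the OTL.txt posted later in the thread, and the 192.0.2.10 HOSTS line is invented (an RFC 5737 documentation address) to exercise the redirect rule. The rule names, the severities and the `triage`/`summarize` functions are this example's own choices, not anything OTL itself reports.

```python
"""Triage helper for OTL.txt logs (added example; not part of the thread or of OldTimer's tools).

OTL writes one entry per line, tagged PRC, SRV, DRV, O1 ... O24. The rules here
are the first things a malware-removal helper checks by eye in such a log:

  * O4 autostarts whose target is "File not found" (leftovers of removed malware)
  * processes (PRC) or autostarts launched from Temp / AppData
  * O6 UAC policy values that disable or silence elevation prompts
  * O2/O3 browser helper objects with no name and no CLSID (orphans)
  * O1 HOSTS entries that send a name anywhere other than loopback

The sample below is constructed for this example: most lines are copied from the
OTL.txt posted later in the thread; the 192.0.2.10 HOSTS line is invented
(RFC 5737 documentation address) to exercise the redirect rule.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
PRC - C:\Users\Diz\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 192.0.2.10 www.example.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CGF-lol] C:\Windows\System32\Hackhoundserver.exe File not found
O4 - HKLM..\RunServices: [CGF-lol] C:\Windows\System32\Hackhoundserver.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
"""


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    rule: str
    line: str


# Directories a legitimate autostart or long-running process rarely lives in.
_USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Local Settings)\\", re.IGNORECASE)

# UAC policy name -> (value that weakens UAC, severity, description).
# ConsentPromptBehaviorUser = 3 is the Windows 7 default and is not flagged.
_UAC_RULES = {
    "EnableLUA": ("0", "high", "UAC disabled (EnableLUA = 0)"),
    "ConsentPromptBehaviorAdmin": ("0", "high", "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": ("0", "medium", "elevation prompts not shown on the secure desktop"),
}

# Addresses a HOSTS block-list entry legitimately points at (Spybot immunisation uses 127.0.0.1).
_SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}

_RE_PRC = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^()]*)\)$")
_RE_O1 = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
_RE_O23 = re.compile(r"^O[23] - .*\(no name\).*No CLSID value found")
_RE_O4 = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
_RE_O6 = re.compile(r"^O6 - .*\\policies\\System: (?P<name>\w+) = (?P<value>\S+)$")


def triage(log_text: str) -> list[Finding]:
    """Return the entries in an OTL log that match one of the rules above, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _RE_PRC.match(line):
            # OTL prints the file's version-info company in parentheses; that is
            # not a signature check, so a Temp path stays suspicious regardless.
            if _USER_WRITABLE.search(m["path"]):
                findings.append(Finding("medium", "running process in a user-writable directory", line))
        elif m := _RE_O1.match(line):
            if m["ip"] not in _SINKHOLE:
                findings.append(Finding("high", f"HOSTS redirects {m['host']} to {m['ip']}", line))
        elif _RE_O23.match(line):
            findings.append(Finding("low", "orphaned BHO/toolbar entry (no name, no CLSID)", line))
        elif m := _RE_O4.match(line):
            if m["target"].endswith("File not found"):
                findings.append(Finding("medium", f"dead autostart {m['key']} [{m['name']}]", line))
            elif _USER_WRITABLE.search(m["target"]):
                findings.append(Finding("medium", f"autostart from a user-writable directory {m['key']} [{m['name']}]", line))
        elif m := _RE_O6.match(line):
            rule = _UAC_RULES.get(m["name"])
            if rule and m["value"] == rule[0]:
                findings.append(Finding(rule[1], rule[2], line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, always reporting all three levels."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
    print(summarize(results))
```

To use it on a real log, read OTL.txt and pass its text to triage(). The rules are deliberately conservative: a large HOSTS file made entirely of 127.0.0.1 entries, like the one in the posted log, is a Spybot immunisation and is left alone, while a Temp path is flagged even when OTL prints a vendor name next to it, because that name comes from the file's version resource and not from a signature check. A hit is a reason to look closer, not a verdict.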

#3
Diz187
    Member
  • Topic Starter
  • 27 posts
OTL.txt

OTL logfile created on: 07/05/2010 01:57:18 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Diz\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38.96 Gb Total Space | 5.61 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
Drive D: | 68.73 Gb Total Space | 61.38 Gb Free Space | 89.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIZ-PC
Current User Name: Diz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Diz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Diz\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Diz\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mfc42.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\eNetHook.dll (acer)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrw7x) -- C:\Windows\System32\Drivers\AVGIDSwx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AVer3xEn) -- C:\Windows\System32\drivers\AVer3xEn.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 23 5C A3 03 E7 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/27 19:29:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/16 19:21:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 19:21:57 | 000,000,000 | ---D | M]

[2010/03/05 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\Mozilla\Extensions
[2010/05/07 01:49:27 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\Mozilla\Firefox\Profiles\wi9i7gqh.default\extensions
[2010/03/19 02:49:45 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\Mozilla\Firefox\Profiles\wi9i7gqh.default\extensions\[email protected]
[2010/05/07 01:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/27 23:52:57 | 000,392,763 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13563 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\Windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CGF-lol] C:\Windows\System32\Hackhoundserver.exe File not found
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SkyTel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunServices: [CGF-lol] C:\Windows\System32\Hackhoundserver.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2467394d-3900-11df-b713-9d44263c4609}\Shell - "" = AutoRun
O33 - MountPoints2\{2467394d-3900-11df-b713-9d44263c4609}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 17:41:18 | 000,000,000 | ---D | C] -- C:\Users\Diz\AppData\Roaming\Malwarebytes
[2010/05/06 17:40:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/06 17:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/06 17:40:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/06 17:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 17:16:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/06 17:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/06 16:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/05/06 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/05/03 16:49:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/01 01:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/01 01:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/30 15:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2010/04/30 15:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\jessops
[2010/04/28 17:21:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/27 20:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/27 20:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/27 19:46:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/27 19:34:28 | 000,000,000 | ---D | C] -- C:\Users\Diz\AppData\Roaming\AVG9
[2010/04/27 19:11:47 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 19:11:47 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/04/27 19:11:47 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 19:11:46 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 19:11:37 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 19:11:34 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 19:11:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/04/27 19:10:47 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 19:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/27 19:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/27 19:05:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\explorer
[2010/04/27 16:34:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/04/27 16:32:04 | 010,043,336 | ---- | C] (Microsoft Corporation) -- C:\Users\Diz\Desktop\windows-kb890830-v3.6.exe
[2010/04/27 16:32:03 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Diz\Desktop\spybotsd162.exe
[2010/04/27 16:32:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Diz\Desktop\HiJackThis.exe
[2010/04/27 00:13:29 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/04/26 23:58:59 | 000,000,000 | ---D | C] -- C:\Users\Diz\AppData\Local\HWLPCDRW
[2010/04/26 23:21:44 | 000,000,000 | ---D | C] -- C:\Users\Diz\Documents\My Downloads
[2010/04/23 18:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2010/04/12 05:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/04/08 21:53:58 | 000,000,000 | ---D | C] -- C:\MoTemp
[2010/04/08 21:53:35 | 000,000,000 | ---D | C] -- C:\Users\Diz\Documents\Fragments
[2010/04/08 18:44:24 | 000,000,000 | ---D | C] -- C:\Users\Diz\Desktop\Halo Custom Edition
[2010/02/25 02:40:58 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/05/07 01:57:25 | 007,340,032 | ---- | M] () -- C:\Users\Diz\NTUSER.DAT
[2010/05/07 01:29:28 | 059,653,055 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/07 01:26:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000UA.job
[2010/05/07 00:12:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 00:12:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 21:19:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/06 21:18:23 | 000,524,288 | -HS- | M] () -- C:\Users\Diz\NTUSER.DAT{a743bd9e-5937-11df-84ad-9d94a9830e39}.TMContainer00000000000000000002.regtrans-ms
[2010/05/06 21:18:23 | 000,524,288 | -HS- | M] () -- C:\Users\Diz\NTUSER.DAT{a743bd9e-5937-11df-84ad-9d94a9830e39}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 21:18:22 | 000,065,536 | -HS- | M] () -- C:\Users\Diz\NTUSER.DAT{a743bd9e-5937-11df-84ad-9d94a9830e39}.TM.blf
[2010/05/06 21:17:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/06 21:17:31 | 1609,129,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 21:08:12 | 007,340,032 | -HS- | M] () -- C:\Users\Diz\NTUSER.bak
[2010/05/06 18:45:55 | 337,689,396 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/06 17:56:25 | 001,554,562 | -H-- | M] () -- C:\Users\Diz\AppData\Local\IconCache.db
[2010/05/06 17:26:03 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000Core.job
[2010/05/06 17:14:17 | 000,000,898 | ---- | M] () -- C:\Users\Diz\Desktop\NTREGOPT.lnk
[2010/05/06 17:14:17 | 000,000,879 | ---- | M] () -- C:\Users\Diz\Desktop\ERUNT.lnk
[2010/05/06 16:49:42 | 000,185,369 | ---- | M] () -- C:\Users\Diz\Desktop\njn.png
[2010/05/06 14:10:15 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/06 14:10:15 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/06 14:10:15 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/05 21:29:05 | 000,585,123 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/01 01:32:59 | 000,002,155 | ---- | M] () -- C:\Users\Diz\Desktop\Ad-Aware 2007.lnk
[2010/05/01 01:32:54 | 000,002,155 | ---- | M] () -- C:\Users\Diz\Desktop\Ad-Watch 2007.lnk
[2010/04/30 15:45:58 | 000,189,763 | ---- | M] () -- C:\Users\Diz\Desktop\jessops.png
[2010/04/30 15:24:58 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Jessops.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 19:21:44 | 000,473,976 | ---- | M] () -- C:\Users\Diz\Desktop\amgg.png
[2010/04/28 17:23:10 | 000,002,243 | ---- | M] () -- C:\Users\Diz\Desktop\Google Chrome.lnk
[2010/04/27 23:52:57 | 000,392,763 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/27 19:25:53 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 19:11:47 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 19:11:47 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/04/27 19:11:47 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 19:11:47 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 19:11:37 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 19:11:34 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 19:11:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 19:10:47 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 18:58:42 | 000,000,793 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.msn
[2010/04/27 18:58:42 | 000,000,793 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100427-235257.backup
[2010/04/27 13:28:54 | 000,000,178 | ---- | M] () -- C:\Users\Diz\Desktop\HijackThis Logfileauswertung.url
[2010/04/27 13:25:42 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Diz\Desktop\spybotsd162.exe
[2010/04/27 13:19:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Diz\Desktop\HiJackThis.exe
[2010/04/27 12:57:54 | 010,043,336 | ---- | M] (Microsoft Corporation) -- C:\Users\Diz\Desktop\windows-kb890830-v3.6.exe
[2010/04/27 00:13:18 | 000,000,036 | ---- | M] () -- C:\Users\Diz\AppData\Local\housecall.guid.cache
[2010/04/26 23:44:11 | 000,001,255 | ---- | M] () -- C:\Users\Diz\Desktop\AVS4YOU Software Navigator.lnk
[2010/04/26 22:01:18 | 000,346,032 | ---- | M] () -- C:\Users\Diz\Desktop\laxshhmi.docx
[2010/04/24 22:56:13 | 000,011,209 | ---- | M] () -- C:\Users\Diz\Desktop\Killerdude.jpg
[2010/04/24 22:45:54 | 000,030,061 | ---- | M] () -- C:\Users\Diz\Desktop\kd2.jpg
[2010/04/24 22:42:08 | 000,198,846 | ---- | M] () -- C:\Users\Diz\Desktop\kd.psd
[2010/04/24 22:39:55 | 000,036,005 | ---- | M] () -- C:\Users\Diz\Desktop\kd.jpg
[2010/04/23 19:23:38 | 000,439,187 | ---- | M] () -- C:\Users\Diz\Desktop\badman.png
[2010/04/23 18:31:27 | 000,000,646 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2010/04/23 00:48:55 | 003,674,112 | ---- | M] () -- C:\Users\Diz\Desktop\Mad Group Photobook.ppt
[2010/04/21 23:30:46 | 000,281,789 | ---- | M] () -- C:\Users\Diz\Desktop\bg2.jpg
[2010/04/21 19:39:19 | 000,332,210 | ---- | M] () -- C:\Users\Diz\Desktop\done.png
[2010/04/21 01:37:06 | 003,295,193 | ---- | M] () -- C:\Users\Diz\Desktop\bg.psd
[2010/04/20 23:40:49 | 000,178,328 | ---- | M] () -- C:\Users\Diz\Desktop\bgpc.jpg
[2010/04/20 22:57:56 | 000,538,096 | ---- | M] () -- C:\Users\Diz\Desktop\sb.png
[2010/04/20 21:35:05 | 000,473,482 | ---- | M] () -- C:\Users\Diz\Desktop\paaaaint.png
[2010/04/19 18:53:29 | 000,448,965 | ---- | M] () -- C:\Users\Diz\Desktop\BaLlIn!!!!!.gif
[2010/04/19 18:48:23 | 000,017,827 | ---- | M] () -- C:\Users\Diz\Desktop\avatar2525_17.gif
[2010/04/18 19:16:05 | 000,011,461 | ---- | M] () -- C:\Users\Diz\Desktop\be.jpg
[2010/04/17 21:51:22 | 002,349,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/17 07:03:46 | 000,018,463 | ---- | M] () -- C:\Users\Diz\Desktop\dios.gif
[2010/04/17 05:48:15 | 008,623,365 | ---- | M] () -- C:\Users\Diz\Desktop\money.psd
[2010/04/17 05:44:02 | 000,016,615 | ---- | M] () -- C:\Users\Diz\Desktop\money.gif
[2010/04/17 00:29:37 | 016,166,319 | ---- | M] () -- C:\Users\Diz\Desktop\Lil_Wayne_by_NarekYo[1].psd
[2010/04/16 23:55:40 | 000,020,269 | ---- | M] () -- C:\Users\Diz\Desktop\jae2.gif
[2010/04/16 23:37:08 | 000,020,055 | ---- | M] () -- C:\Users\Diz\Desktop\jae.gif
[2010/04/16 22:51:50 | 000,113,184 | ---- | M] () -- C:\Users\Diz\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/16 22:51:37 | 000,061,527 | ---- | M] () -- C:\Users\Diz\Desktop\jae.jpg
[2010/04/13 05:09:41 | 000,333,385 | ---- | M] () -- C:\Users\Diz\Documents\final.gif
[2010/04/13 04:15:25 | 000,016,880 | ---- | M] () -- C:\Users\Diz\Documents\26.jpg
[2010/04/13 04:05:29 | 000,087,761 | ---- | M] () -- C:\Users\Diz\Documents\25.jpg
[2010/04/13 03:21:04 | 000,004,897 | ---- | M] () -- C:\Users\Diz\.recently-used.xbel
[2010/04/12 22:13:39 | 000,185,496 | ---- | M] () -- C:\Users\Diz\Desktop\tank.jpg
[2010/04/12 05:17:43 | 000,001,585 | ---- | M] () -- C:\Users\Diz\Desktop\DivX Movies.lnk
[2010/04/09 23:39:58 | 003,081,045 | ---- | M] () -- C:\Users\Diz\Documents\DSC_0695.JPG
[2010/04/09 23:38:32 | 004,668,261 | ---- | M] () -- C:\Users\Diz\Documents\canvas.jpg
[2010/04/09 04:00:04 | 000,091,468 | ---- | M] () -- C:\Users\Diz\Documents\moovin.gif
[2010/04/09 00:46:54 | 000,036,286 | ---- | M] () -- C:\Users\Diz\Documents\pic2.jpg
[2010/04/08 18:51:32 | 000,001,089 | ---- | M] () -- C:\Users\Diz\Desktop\HaloCE.lnk

========== Files Created - No Company Name ==========

[2010/05/06 21:18:23 | 000,524,288 | -HS- | C] () -- C:\Users\Diz\NTUSER.DAT{a743bd9e-5937-11df-84ad-9d94a9830e39}.TMContainer00000000000000000002.regtrans-ms
[2010/05/06 21:18:23 | 000,524,288 | -HS- | C] () -- C:\Users\Diz\NTUSER.DAT{a743bd9e-5937-11df-84ad-9d94a9830e39}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 21:18:22 | 000,065,536 | -HS- | C] () -- C:\Users\Diz\NTUSER.DAT{a743bd9e-5937-11df-84ad-9d94a9830e39}.TM.blf
[2010/05/06 20:23:21 | 000,000,000 | -HS- | C] () -- C:\Users\Diz\NTUSER.tmp.LOG2
[2010/05/06 20:23:21 | 000,000,000 | -HS- | C] () -- C:\Users\Diz\NTUSER.tmp.LOG1
[2010/05/06 18:45:55 | 337,689,396 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/06 17:14:17 | 000,000,898 | ---- | C] () -- C:\Users\Diz\Desktop\NTREGOPT.lnk
[2010/05/06 17:14:17 | 000,000,879 | ---- | C] () -- C:\Users\Diz\Desktop\ERUNT.lnk
[2010/05/06 16:49:40 | 000,185,369 | ---- | C] () -- C:\Users\Diz\Desktop\njn.png
[2010/05/01 01:32:59 | 000,002,155 | ---- | C] () -- C:\Users\Diz\Desktop\Ad-Aware 2007.lnk
[2010/05/01 01:32:54 | 000,002,155 | ---- | C] () -- C:\Users\Diz\Desktop\Ad-Watch 2007.lnk
[2010/04/30 15:45:57 | 000,189,763 | ---- | C] () -- C:\Users\Diz\Desktop\jessops.png
[2010/04/30 15:24:58 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Jessops.lnk
[2010/04/28 19:21:42 | 000,473,976 | ---- | C] () -- C:\Users\Diz\Desktop\amgg.png
[2010/04/28 17:23:10 | 000,002,243 | ---- | C] () -- C:\Users\Diz\Desktop\Google Chrome.lnk
[2010/04/28 17:21:45 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000UA.job
[2010/04/28 17:21:35 | 000,000,846 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000Core.job
[2010/04/27 19:11:47 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 19:11:34 | 000,585,123 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/27 19:11:34 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 19:11:33 | 059,653,055 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/27 16:32:03 | 000,000,178 | ---- | C] () -- C:\Users\Diz\Desktop\HijackThis Logfileauswertung.url
[2010/04/27 00:13:18 | 000,000,036 | ---- | C] () -- C:\Users\Diz\AppData\Local\housecall.guid.cache
[2010/04/26 22:01:16 | 000,346,032 | ---- | C] () -- C:\Users\Diz\Desktop\laxshhmi.docx
[2010/04/24 22:56:13 | 000,011,209 | ---- | C] () -- C:\Users\Diz\Desktop\Killerdude.jpg
[2010/04/24 22:45:51 | 000,030,061 | ---- | C] () -- C:\Users\Diz\Desktop\kd2.jpg
[2010/04/24 22:42:07 | 000,198,846 | ---- | C] () -- C:\Users\Diz\Desktop\kd.psd
[2010/04/24 22:39:52 | 000,036,005 | ---- | C] () -- C:\Users\Diz\Desktop\kd.jpg
[2010/04/23 19:23:37 | 000,439,187 | ---- | C] () -- C:\Users\Diz\Desktop\badman.png
[2010/04/23 18:31:27 | 000,000,646 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2010/04/21 23:30:43 | 000,281,789 | ---- | C] () -- C:\Users\Diz\Desktop\bg2.jpg
[2010/04/21 19:39:19 | 000,332,210 | ---- | C] () -- C:\Users\Diz\Desktop\done.png
[2010/04/21 11:32:04 | 003,674,112 | ---- | C] () -- C:\Users\Diz\Desktop\Mad Group Photobook.ppt
[2010/04/21 01:37:04 | 003,295,193 | ---- | C] () -- C:\Users\Diz\Desktop\bg.psd
[2010/04/20 23:40:46 | 000,178,328 | ---- | C] () -- C:\Users\Diz\Desktop\bgpc.jpg
[2010/04/20 22:57:56 | 000,538,096 | ---- | C] () -- C:\Users\Diz\Desktop\sb.png
[2010/04/20 21:09:50 | 000,473,482 | ---- | C] () -- C:\Users\Diz\Desktop\paaaaint.png
[2010/04/19 18:53:29 | 000,448,965 | ---- | C] () -- C:\Users\Diz\Desktop\BaLlIn!!!!!.gif
[2010/04/19 18:48:23 | 000,017,827 | ---- | C] () -- C:\Users\Diz\Desktop\avatar2525_17.gif
[2010/04/18 19:16:05 | 000,011,461 | ---- | C] () -- C:\Users\Diz\Desktop\be.jpg
[2010/04/17 07:03:46 | 000,018,463 | ---- | C] () -- C:\Users\Diz\Desktop\dios.gif
[2010/04/17 05:48:13 | 008,623,365 | ---- | C] () -- C:\Users\Diz\Desktop\money.psd
[2010/04/17 05:44:02 | 000,016,615 | ---- | C] () -- C:\Users\Diz\Desktop\money.gif
[2010/04/17 00:29:33 | 016,166,319 | ---- | C] () -- C:\Users\Diz\Desktop\Lil_Wayne_by_NarekYo[1].psd
[2010/04/16 23:55:40 | 000,020,269 | ---- | C] () -- C:\Users\Diz\Desktop\jae2.gif
[2010/04/16 23:37:07 | 000,020,055 | ---- | C] () -- C:\Users\Diz\Desktop\jae.gif
[2010/04/16 22:51:36 | 000,061,527 | ---- | C] () -- C:\Users\Diz\Desktop\jae.jpg
[2010/04/13 05:09:41 | 000,333,385 | ---- | C] () -- C:\Users\Diz\Documents\final.gif
[2010/04/13 04:15:23 | 000,016,880 | ---- | C] () -- C:\Users\Diz\Documents\26.jpg
[2010/04/13 04:05:28 | 000,087,761 | ---- | C] () -- C:\Users\Diz\Documents\25.jpg
[2010/04/13 03:21:04 | 000,004,897 | ---- | C] () -- C:\Users\Diz\.recently-used.xbel
[2010/04/12 22:13:39 | 000,185,496 | ---- | C] () -- C:\Users\Diz\Desktop\tank.jpg
[2010/04/12 05:17:43 | 000,001,585 | ---- | C] () -- C:\Users\Diz\Desktop\DivX Movies.lnk
[2010/04/09 23:39:17 | 003,081,045 | ---- | C] () -- C:\Users\Diz\Documents\DSC_0695.JPG
[2010/04/09 23:37:28 | 004,668,261 | ---- | C] () -- C:\Users\Diz\Documents\canvas.jpg
[2010/04/09 03:59:48 | 000,091,468 | ---- | C] () -- C:\Users\Diz\Documents\moovin.gif
[2010/04/09 00:46:50 | 000,036,286 | ---- | C] () -- C:\Users\Diz\Documents\pic2.jpg
[2010/04/08 21:53:58 | 000,000,157 | ---- | C] () -- C:\Users\Diz\.imagineer_log.txt
[2010/03/26 20:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/02/25 03:13:34 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2010/02/25 03:13:34 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2010/02/25 02:56:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/02/25 02:55:53 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2010/02/25 02:40:58 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2010/02/24 22:15:21 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/04/01 17:01:38 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\Artisteer
[2010/04/27 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\AVG9
[2010/04/18 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\FileZilla
[2010/03/24 21:31:47 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\GetRightToGo
[2010/04/13 03:21:04 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\gtk-2.0
[2010/03/27 03:00:10 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\ManyCam
[2010/04/02 01:14:12 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\Notepad++
[2010/03/15 03:11:51 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\TS3Client
[2010/04/30 18:47:15 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\uTorrent
[2010/03/26 01:27:45 | 000,000,000 | ---D | M] -- C:\Users\Diz\AppData\Roaming\WebcamMax
[2010/05/03 06:54:22 | 000,028,884 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/25 03:25:13 | 000,007,955 | ---- | M] () -- C:\-20100225.log
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/02/25 05:25:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/02/25 00:04:52 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/02/25 00:04:50 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2010/05/06 21:17:31 | 1609,129,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/23 20:06:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/23 20:06:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/06 21:17:31 | 2145,509,376 | -HS- | M] () -- C:\pagefile.sys
[2010/02/25 00:04:50 | 000,171,136 | RHS- | M] () -- C:\xeldr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/27 19:10:47 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 19:11:47 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/04/27 19:11:37 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 19:11:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 19:11:47 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 19:25:53 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
< End of report >
  • 0

#4
Diz187

    Member

  • Topic Starter
  • Member
  • 27 posts
Extras.txt

OTL Extras logfile created on: 07/05/2010 01:57:18 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Diz\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38.96 Gb Total Space | 5.61 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
Drive D: | 68.73 Gb Total Space | 61.38 Gb Free Space | 89.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIZ-PC
Current User Name: Diz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Jessops] -- "C:\Program Files\jessops\Jessops\Jessops.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7394A0F-3F80-45B1-87FC-ABCD51893246}" = Python 2.6.4
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Artisteer 2" = Artisteer 2
"Audacity_is1" = Audacity 1.2.6
"AVerMedia M115 MiniPCI Hybrid DVBT" = AVerMedia M115 MiniPCI Hybrid DVBT 4.5.0.9
"AVG9Uninstall" = AVG 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combat Arms EU" = Combat Arms EU
"DivX Setup.divx.com" = DivX Setup
"Driver Genius Professional Edition 9.0.0182" = Driver Genius Professional Edition 9.0.0182
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Fake Webcam_is1" = Fake Webcam 6.1.3
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"IceChat_is1" = IceChat 7.63 (Build 20080417)
"IObit Security 360_is1" = IObit Security 360
"Jessops" = Jessops
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WampServer 2_is1" = WampServer 2.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5
SweetTech (Retired Staff)
Do you have the GMER log for me?

#6
Diz187 (Topic Starter)
GMER scan
Ran in safe mode after a BSOD


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 02:46:17
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Diz\AppData\Local\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82636AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82636104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 826363F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8261E634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8261E898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 826361DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82636958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 826366F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82636F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 826371A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82696579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 826BAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[728] ntdll.dll!NtProtectVirtualMemory 76F65360 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[728] ntdll.dll!NtWriteVirtualMemory 76F65EE0 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[728] ntdll.dll!KiUserExceptionDispatcher 76F66448 5 Bytes JMP 002A000A
.text C:\Windows\Explorer.EXE[972] ntdll.dll!NtProtectVirtualMemory 76F65360 5 Bytes JMP 001E000A
.text C:\Windows\Explorer.EXE[972] ntdll.dll!NtWriteVirtualMemory 76F65EE0 5 Bytes JMP 001F000A
.text C:\Windows\Explorer.EXE[972] ntdll.dll!KiUserExceptionDispatcher 76F66448 5 Bytes JMP 001D000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7399250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73992494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73975624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [739756E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73988573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73984D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [739850CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739851A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [739866D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [739882CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73988819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7398907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7398E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73984C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 8C8FF130
Device \FileSystem\fastfat \Fat 8C907D72

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8515EEE4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\000b6b93d406 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\000b6b93d406@0015a07c3119 0x39 0xA3 0x3A 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b6b93d406
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b6b93d406@0015a07c3119 0x39 0xA3 0x3A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\000b6b93d406 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\000b6b93d406@0015a07c3119 0x39 0xA3 0x3A 0xC3 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

I'd just like to say thanks for all the help I'm getting :). My laptop seems fine at the moment; however, the odd websites I get referred to and the 007guard thing are worrying.

#7
SweetTech (Retired Staff)
Hello,

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#8
Diz187 (Topic Starter)
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

Thanks for taking some time to help me out. One question I have: what is a rootkit? :s

#9
Diz187 (Topic Starter)
2. The log that was produced after running the ComboFix scan.

ComboFix 10-05-06.01 - Diz 07/05/2010 21:46:00.1.2 - x86
Running from: c:\users\Diz\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.
The following files were disabled during the run:
c:\windows\System32\eNetHook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\HyperCam Toolbar\tbHElper.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Explorer
c:\windows\system32\Explorer\cd.txt

Infected copy of c:\windows\system32\drivers\volmgr.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 20:34 . 2010-05-07 20:35 -------- d-----w- C:\32788R22FWJFW
2010-05-06 16:41 . 2010-05-06 16:41 -------- d-----w- c:\users\Diz\AppData\Roaming\Malwarebytes
2010-05-06 16:40 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 16:40 . 2010-05-06 16:40 -------- d-----w- c:\programdata\Malwarebytes
2010-05-06 16:40 . 2010-05-06 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 16:40 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 16:14 . 2010-05-06 16:14 -------- d-----w- c:\program files\ERUNT
2010-05-06 15:22 . 2010-05-06 15:22 -------- d-----w- c:\programdata\IObit
2010-05-06 15:22 . 2010-05-06 15:22 -------- d-----w- c:\program files\IObit
2010-05-01 00:32 . 2010-05-07 05:18 -------- d-----w- c:\programdata\Lavasoft
2010-04-30 14:25 . 2010-04-30 14:25 -------- d-----w- c:\programdata\hps
2010-04-30 14:22 . 2010-04-30 14:22 -------- d-----w- c:\program files\jessops
2010-04-28 16:21 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-27 19:28 . 2010-04-27 22:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-27 19:28 . 2010-04-27 22:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-27 18:46 . 2010-04-27 18:46 -------- d-----w- C:\$AVG
2010-04-27 18:34 . 2010-04-27 18:34 -------- d-----w- c:\users\Diz\AppData\Roaming\AVG9
2010-04-27 18:26 . 2010-04-27 18:26 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-27 18:24 . 2010-04-27 18:24 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-27 18:11 . 2010-04-27 18:11 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-27 18:11 . 2010-04-27 18:11 25096 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-04-27 18:11 . 2010-04-27 18:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-27 18:11 . 2010-04-27 18:25 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-27 18:11 . 2010-04-27 18:11 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-27 18:11 . 2010-04-27 18:11 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-27 18:11 . 2010-05-07 14:22 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-27 18:10 . 2010-04-27 18:10 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-04-27 18:10 . 2010-04-27 18:10 -------- d-----w- c:\program files\AVG
2010-04-27 18:10 . 2010-04-27 22:36 -------- d-----w- c:\programdata\avg9
2010-04-27 17:52 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-27 17:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-27 15:34 . 2010-04-27 22:58 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-26 23:13 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-26 22:58 . 2010-04-27 22:36 -------- d-----w- c:\users\Diz\AppData\Local\HWLPCDRW
2010-04-23 17:28 . 2010-04-23 17:28 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2010-04-23 17:28 . 2010-04-23 17:28 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2010-04-23 17:28 . 2010-04-23 17:28 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2010-04-23 17:28 . 2010-04-23 17:28 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2010-04-23 17:28 . 2010-04-23 17:28 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2010-04-23 17:28 . 2010-04-24 17:04 -------- d-----w- c:\programdata\NexonEU
2010-04-23 17:28 . 2010-04-23 17:28 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2010-04-12 04:18 . 2010-04-12 04:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-12 04:17 . 2010-04-12 04:16 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-12 04:17 . 2010-04-12 04:17 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-08 20:53 . 2010-04-08 20:53 -------- d-----w- C:\MoTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 20:55 . 2010-03-19 01:23 -------- d-----w- c:\program files\HyperCam Toolbar
2010-05-07 05:18 . 2010-02-24 21:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-06 15:11 . 2010-02-24 22:43 -------- d-----w- c:\programdata\FLEXnet
2010-05-05 18:07 . 2010-02-24 21:56 -------- d-----w- c:\users\Diz\AppData\Roaming\vlc
2010-04-30 17:47 . 2010-03-09 22:24 -------- d-----w- c:\users\Diz\AppData\Roaming\uTorrent
2010-04-27 22:50 . 2010-02-24 20:44 -------- d-----w- c:\programdata\Microsoft Help
2010-04-26 22:45 . 2010-03-19 02:09 -------- d-----w- c:\program files\AVS4YOU
2010-04-26 22:38 . 2010-03-19 02:11 -------- d-----w- c:\users\Diz\AppData\Roaming\AVS4YOU
2010-04-26 20:49 . 2010-02-28 22:57 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-21 00:00 . 2010-03-18 19:40 -------- d-----w- c:\programdata\DivX
2010-04-18 18:44 . 2010-03-01 00:39 -------- d-----w- c:\users\Diz\AppData\Roaming\FileZilla
2010-04-16 21:51 . 2010-02-24 20:38 113184 ----a-w- c:\users\Diz\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-15 23:22 . 2010-03-21 18:54 -------- d-----w- c:\users\Diz\AppData\Roaming\Skype
2010-04-15 23:21 . 2010-03-21 18:55 -------- d-----w- c:\users\Diz\AppData\Roaming\skypePM
2010-04-13 02:21 . 2010-04-03 18:14 -------- d-----w- c:\users\Diz\AppData\Roaming\gtk-2.0
2010-04-12 04:17 . 2010-03-18 19:40 -------- d-----w- c:\program files\DivX
2010-04-12 04:16 . 2010-03-18 19:41 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-10 18:20 . 2010-04-02 17:38 -------- d-----w- c:\users\Diz\AppData\Roaming\Xfire
2010-04-10 17:13 . 2010-04-02 17:38 -------- d-----w- c:\programdata\Xfire
2010-04-03 17:50 . 2010-04-03 17:50 -------- d-----w- c:\program files\GIMP-2.0
2010-04-02 17:38 . 2010-04-02 17:38 -------- d-----w- c:\program files\Xfire
2010-04-02 00:14 . 2010-04-02 00:13 -------- d-----w- c:\users\Diz\AppData\Roaming\Notepad++
2010-04-02 00:13 . 2010-04-02 00:13 -------- d-----w- c:\program files\Notepad++
2010-04-01 16:01 . 2010-04-01 16:01 -------- d-----w- c:\users\Diz\AppData\Roaming\Artisteer
2010-04-01 15:57 . 2010-04-01 15:57 -------- d-----w- c:\program files\Artisteer 2
2010-03-31 13:46 . 2010-03-31 13:46 -------- d-----w- c:\program files\QuickTime
2010-03-31 13:46 . 2010-03-31 13:46 -------- d-----w- c:\programdata\Apple Computer
2010-03-31 13:45 . 2010-03-31 13:45 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 13:44 . 2010-03-31 13:44 -------- d-----w- c:\program files\Apple Software Update
2010-03-31 13:44 . 2010-03-31 13:44 -------- d-----w- c:\programdata\Apple
2010-03-30 23:35 . 2010-03-19 17:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 23:35 . 2010-03-30 23:35 -------- d-----w- c:\program files\Java
2010-03-27 02:00 . 2010-03-27 01:58 -------- d-----w- c:\program files\ManyCam 2.4
2010-03-27 02:00 . 2010-03-27 01:58 -------- d-----w- c:\users\Diz\AppData\Roaming\ManyCam
2010-03-26 19:04 . 2010-03-26 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-03-26 02:03 . 2010-03-26 01:13 -------- d-----w- c:\program files\Webcam and Screen Recorder
2010-03-26 01:33 . 2010-03-26 01:33 -------- d-----w- c:\program files\Fake Webcam
2010-03-26 01:33 . 2010-03-26 01:33 -------- d-----w- c:\program files\Common Files\fwc
2010-03-26 00:27 . 2010-03-26 00:27 -------- d-----w- c:\users\Diz\AppData\Roaming\WebcamMax
2010-03-24 20:31 . 2010-03-24 20:31 -------- d-----w- c:\users\Diz\AppData\Roaming\GetRightToGo
2010-03-23 18:36 . 2010-02-24 21:55 -------- d-----w- c:\program files\Windows Live
2010-03-23 02:47 . 2010-03-23 02:47 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-23 02:47 . 2010-03-23 02:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-03-23 02:47 . 2010-03-23 02:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-23 02:47 . 2010-03-23 02:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-23 02:42 . 2010-03-23 02:42 -------- d-----w- c:\program files\Microsoft SDKs
2010-03-23 02:06 . 2010-03-23 02:06 -------- d-----w- c:\program files\Lame for Audacity
2010-03-23 02:03 . 2010-03-23 02:03 -------- d-----w- c:\program files\Audacity
2010-03-21 18:55 . 2010-03-21 18:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-21 18:54 . 2010-03-21 18:54 -------- d-----w- c:\program files\Common Files\Skype
2010-03-21 18:54 . 2010-03-21 18:54 -------- d-----r- c:\program files\Skype
2010-03-21 18:54 . 2010-03-21 18:54 -------- d-----w- c:\programdata\Skype
2010-03-19 17:29 . 2010-03-19 17:29 -------- d-----w- c:\programdata\PopCap
2010-03-19 17:16 . 2010-03-19 17:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-19 02:11 . 2010-03-19 02:09 -------- d-----w- c:\programdata\AVS4YOU
2010-03-19 02:10 . 2010-03-19 02:09 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-19 01:55 . 2010-03-19 01:55 -------- d-----w- c:\users\Diz\AppData\Roaming\DivX
2010-03-19 01:55 . 2010-03-19 01:55 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-19 01:26 . 2010-03-19 01:23 -------- d-----w- c:\program files\HyCam2
2010-03-15 14:56 . 2010-03-15 14:56 94208 ----a-r- c:\users\Diz\AppData\Roaming\Microsoft\Installer\{E7394A0F-3F80-45B1-87FC-ABCD51893246}\python_icon.exe
2010-03-15 02:11 . 2010-03-15 02:08 -------- d-----w- c:\users\Diz\AppData\Roaming\TS3Client
2010-03-13 23:57 . 2010-03-13 23:56 -------- d-----w- c:\program files\Fake Voice
2010-03-13 14:09 . 2010-02-27 17:31 -------- d-----w- c:\users\Diz\AppData\Roaming\dvdcss
2010-03-09 22:25 . 2010-03-09 22:25 -------- d-----w- c:\program files\uTorrent
2010-03-04 23:38 . 2010-03-04 23:38 0 ----a-w- c:\windows\nsreg.dat
2010-03-01 18:19 . 2010-03-01 18:19 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-02-25 14:23 . 2010-02-25 14:23 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-02-25 14:23 . 2010-02-25 14:23 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-25 00:37 . 2010-02-24 23:58 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-24 20:54 . 2010-02-24 20:54 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2010-2-25 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
2006-11-28 18:43 754712 ----a-w- c:\program files\Acer\OrbiCam10\OrbiCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-04-27 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-27 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-27 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-27 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-27 242896]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-27 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-27 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVer3xEn;AVerMedia SAA713x BDA Encoder Service;c:\windows\system32\DRIVERS\AVer3xEn.sys [2006-11-14 1234304]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-04-27 122376]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-04-27 30216]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-04-27 20488]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]

.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000Core.job
- c:\users\Diz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-28 16:21]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000UA.job
- c:\users\Diz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-28 16:21]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Diz\AppData\Roaming\Mozilla\Firefox\Profiles\wi9i7gqh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\users\Diz\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-CGF-lol - c:\windows\system32\Hackhoundserver.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\System32\eNetHook.dll

- - - - - - - > 'lsass.exe'(576)
c:\windows\System32\eNetHook.dll
.
Completion time: 2010-05-07 22:02:13
ComboFix-quarantined-files.txt 2010-05-07 21:02

Pre-Run: 6,576,381,952 bytes free
Post-Run: 6,863,081,472 bytes free

- - End Of File - - 28ED7464F38DD06B8D93A78F520A4FA7
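Added example (not from the thread, from ComboFix or from any vendor): a small Python triage over a constructed excerpt of the ComboFix log above, flagging the signals the helper goes on to chase in this thread: UAC policy values set to 0, an AppInit_DLLs entry that is not on an assumed vendor allow-list, and a DLL loaded into winlogon.exe and lsass.exe. The excerpt, the allow-list and the function names are assumptions made for the example.

```python
# Added example (not from the thread or ComboFix): triage a ComboFix-style log
# excerpt for the persistence signals discussed in this thread.
import re

# Constructed excerpt shaped like the "Reg Loading Points" and
# "DLLs Loaded Under Running Processes" sections of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\eNetHook.dll
- - - - - - - > 'winlogon.exe'(616)
c:\windows\System32\eNetHook.dll
- - - - - - - > 'lsass.exe'(576)
c:\windows\System32\eNetHook.dll
"""

# Assumed allow-list: DLLs that belong to a product installed on this machine
# (AVG's avgrsstx.dll from the log).  Anything else is reported.
KNOWN_DLLS = {"avgrsstx.dll"}
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\(\d+\)$")


def parse_registry_values(log):
    """Map each [KEY] block (lower-cased) to its "name"=value pairs (raw text)."""
    keys, current = {}, None
    for line in log.splitlines():
        if key := KEY_RE.match(line):
            current = key.group(1).lower()
            keys[current] = {}
        elif (val := VALUE_RE.match(line)) and current is not None:
            keys[current][val.group(1)] = val.group(2).strip()
    return keys


def parse_loaded_dlls(log):
    """Map each 'process'(pid) header to the DLL paths listed beneath it."""
    procs, current = {}, None
    for line in log.splitlines():
        if proc := PROC_RE.match(line):
            current = proc.group(1).lower()
            procs[current] = []
        elif current is not None and line.lower().endswith(".dll"):
            procs[current].append(line.strip())
    return procs


def triage(log):
    """Return human-readable findings; an empty list means nothing stood out."""
    reg, findings = parse_registry_values(log), []
    for name in UAC_VALUES:  # ComboFix prints DWORDs as "0 (0x0)"; 0 = prompt off
        if reg.get(POLICY_KEY, {}).get(name, "").startswith("0 "):
            findings.append(f"UAC weakened: {name} = 0")
    # AppInit_DLLs is space- or comma-separated; ComboFix echoes the raw value
    for dll in re.split(r"[ ,]+", reg.get(WINDOWS_KEY, {}).get("AppInit_DLLs", "")):
        if dll and dll.rsplit("\\", 1)[-1].lower() not in KNOWN_DLLS:
            findings.append(f"Unknown AppInit_DLLs entry: {dll}")
    for proc, dlls in parse_loaded_dlls(log).items():
        for dll in dlls:
            if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_DLLS:
                findings.append(f"Unknown DLL in privileged process {proc}: {dll}")
    return findings
```

Running triage(SAMPLE_LOG) yields five findings: two UAC values at 0, the unknown AppInit entry, and the same DLL inside winlogon.exe and lsass.exe.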

#10 Diz187 (Member, Topic Starter, 27 posts)
ComboFix also told me to note down the following:

The following file was trying to attach to ComboFix - C:/windows\system32\eNetHook.dll

3. An update on how your computer is currently running.

Lastly, my computer's on its way to recovery. When I turned it on today the sound on the web wasn't working, but after running ComboFix it's working again. Google Chrome is also running properly again :)

The only thing that still hasn't changed is this:

http://i44.tinypic.com/6854xk.jpg

#11 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Rootkits are a type of software whose main objective is to gain administrative-level access so that they can gain control over a user's computer system without being detected.

NEXT:

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Browse button and search for the following file: c:\windows\System32\eNetHook.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply

#12 Diz187 (Member, Topic Starter, 27 posts)

File eNetHook.dll received on 2010.05.07 21:53:10 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)


Edited by Diz187, 07 May 2010 - 04:27 PM.


#13 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Uploading File
Please visit this site & follow the instructions for uploading the file requested below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:
http://www.geekstogo.com/forum/Help-D-t276261.html
Click Browse & navigate to c:\windows\System32\eNetHook.dll. Click Open then Send File.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    c:\program files\jessops\*.* /s
    c:\users\Diz\AppData\Local\HWLPCDRW\*.* /s
    C:\MoTemp\*.* /s

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. A confirmation that you uploaded the file requested successfully.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The logs that were produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 07 May 2010 - 04:59 PM.

#14 Diz187 (Member, Topic Starter, 27 posts)
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

none


2. A confirmation that you uploaded the file requested successfully.

> Malware Submission
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.


3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4076

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08/05/2010 00:25:06
mbam-log-2010-05-08 (00-25-06).txt

Scan type: Quick scan
Objects scanned: 125235
Time elapsed: 12 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\eNetHook.dll.vir (Trojan.Vundo) -> Delete on reboot.


4. The log that was produced after running the ESET Online Virus Scanner.

ESET Online Scanner
- No threats found

However, it never ran properly as it finished in like 10 secs after downloading the virus database updates, and it shows it scanned 0 files.


OTL scan is ongoing, and the state of my computer will be described in the next post

#15 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Please try to use this Online Scanner.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply