
Stubborn Olmarik Trojan on Windows 7 Starter Edition


This topic is locked

#1
nkk (Member, 19 posts)
I have been infected with the Olmarik Trojan. It is redirecting Google queries regarding anything related to computer or malware topics. I am also concerned that it may be tracking my keystrokes.
I am working on a Samsung netbook and have the Windows 7 Starter edition OS. I use ESET Business Edition, and Firefox as my main browser.
Remedies tried:
ESET detects the trojan in scans, but cannot remove it. The specialized Olmarik Trojan remover provided by ESET cannot remove it, as it's rooted in the registry.
Malwarebytes' Anti-Malware does not detect it.
Typing mrt.exe in the Run window does nothing, as Windows does not recognize the command.

I am hoping to remove this nasty Trojan from my computer as soon as possible.

Thanks in advance for your help, I greatly appreciate it!
  • 0



#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, first I will need some data.

Hi there, let me see what you have. If GMER crashes or fails to run, then proceed to the OTL scan.

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Click on Scan all users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

  • 0
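The OTL scan requested above produces a long plain-text log, and reading one by eye means hunting for the same few things every time. As an added example (not code from this thread, from OTL's author, or from GMER), here is a small Python triage pass over OTL-style log lines: it parses the PRC/MOD/SRV/DRV, O4 Run and O20 Winlogon Shell line shapes exactly as OTL prints them and flags the entries a helper looks at first: binaries with no company name (OTL prints "()"), autostarts running from user-writable folders, a Winlogon Shell other than explorer.exe, and orphaned "File not found" references. The regexes, the severity labels, the list of user-writable locations and the sample lines are my own assumptions and constructed input; a flag is a prompt to verify the file's signature and hash, not a verdict.

```python
"""Triage pass over OTL-style log lines (added example, not OTL's or the thread's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes copied from what OTL prints in the thread; the regexes themselves are assumptions.
# "PRC - path (Company)"  /  "SRV - (name) optional description -- path (Company)"
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - (?:\((?P<name>[^)]*)\)(?P<desc>.*?) -- )?"
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# "O4 - HKLM..\Run: [Label] path (Company)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<label>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# "O20 - HKLM Winlogon: Shell - (value) - path (Company)"
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>[^)]*)\) - "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)

# Locations an unprivileged user (or anything running as that user) can write to (assumed list).
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low": how soon a helper should look at it
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.rstrip()
    if "file not found" in line.lower():
        # Dead references (uninstalled software, orphaned CLSIDs) are clutter, not evidence by themselves.
        return Finding("low", "orphaned entry: referenced file is missing", line)
    m = SHELL_RE.match(line)
    if m:
        if m.group("value").strip().lower() != "explorer.exe":
            return Finding("high", "Winlogon Shell is not explorer.exe", line)
        return None
    m = RUN_RE.match(line) or ENTRY_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    company = m.group("company").strip()
    tag = m.groupdict().get("tag") or "O4"
    if not company:
        # OTL prints "()" when the file carries no company name; a nameless driver
        # is the first thing to verify (signature, hash) because it runs in the kernel.
        severity = "high" if tag == "DRV" else "medium"
        return Finding(severity, f"{tag} entry has no company name", line)
    if path.lower().startswith(USER_WRITABLE):
        return Finding("medium", f"{tag} entry runs from a user-writable location", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Triage every line and return the findings, most urgent first (stable within a level)."""
    findings = [f for f in (triage_line(l) for l in lines) if f is not None]
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


# Constructed sample lines in OTL's format; the vendor, driver and file names are placeholders.
SAMPLE_LOG = r"""
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\ProgramData\ExampleVendor\agent.exe (Example Vendor Inc.)
SRV - (ExampleSvc) Example Service Description -- C:\Program Files\Example\svc.exe (Example Vendor Inc.)
DRV - (exampledrv) -- C:\Windows\System32\drivers\exampledrv.sys ()
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000000} - File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\S-1-5-21-EXAMPLE..\Run: [helper] C:\Users\user\AppData\Roaming\helper.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-EXAMPLE Winlogon: Shell - (C:\Users\user\AppData\Roaming\helper.exe) - C:\Users\user\AppData\Roaming\helper.exe ()
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Feed it the pasted OTL.txt with `triage(open("OTL.txt", errors="replace").read().splitlines())`. Lines that match none of the three shapes (section headers, MOD entries in winsxs, FireFox prefs) yield None rather than an error, so the pass is safe to run over the whole file; the sorted output puts the nameless driver and the replaced Shell ahead of the orphaned BHO, which is the order a helper would check them in.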

#3
nkk (Topic Starter, Member, 19 posts)
Hi,
Sorry for the delayed response.

GMER loaded and I was able to run it, but after about 5 minutes it froze my computer totally, and I had to shut it down and reboot. It froze at: \Filesystem\fastfat\Fat (Type: fltmgr.sys)


After rebooting, I ran OTL. Here are the results for OTL.txt:

OTL logfile created on: 1/24/2011 10:41:42 AM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\NK\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 404.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 41.00 Gb Total Space | 11.91 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive D: | 87.95 Gb Total Space | 65.83 Gb Free Space | 74.85% Space Free | Partition Type: NTFS

Computer Name: NK-PC | User Name: NK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\NK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)


========== Modules (SafeList) ==========

MOD - C:\Users\NK\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\StructuredQuery.dll (Microsoft Corporation)
MOD - C:\Program Files\Elantech\ETDApix.dll (ELAN Microelectronics Corp.)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SearchFolder.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (InstallFilterService) -- C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (Acceler) -- C:\Windows\System32\drivers\Acceler.sys (ST Microelectronics)
DRV - (stdflt) -- C:\windows\system32\DRIVERS\stdflt.sys (ST Microelectronics)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ETD) -- C:\Windows\System32\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (btwampfl) -- C:\Windows\System32\drivers\btwampfl.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-805004606-1057810730-124832903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-805004606-1057810730-124832903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-805004606-1057810730-124832903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aldaily.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/17 20:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 23:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/01/17 22:56:51 | 000,000,000 | ---D | M]

[2011/01/17 20:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NK\AppData\Roaming\Mozilla\Extensions
[2011/01/17 20:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NK\AppData\Roaming\Mozilla\Firefox\Profiles\qngmfxtz.default\extensions
[2011/01/17 20:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 12:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 12:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 12:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 12:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-805004606-1057810730-124832903-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-805004606-1057810730-124832903-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-805004606-1057810730-124832903-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/01/24 08:46:00 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\NK\Desktop\OTL.exe
[2011/01/23 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Diagnostics
[2011/01/21 00:03:22 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\ESET
[2011/01/19 00:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Oceanis
[2011/01/19 00:39:00 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\WinRAR
[2011/01/19 00:38:59 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/01/19 00:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/01/19 00:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/19 00:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/01/18 23:58:50 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Youcam
[2011/01/18 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\vlc
[2011/01/18 02:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011/01/18 02:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/01/18 02:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/01/18 02:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011/01/18 00:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/01/18 00:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/01/18 00:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/01/18 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Malwarebytes
[2011/01/18 00:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/18 00:30:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/01/18 00:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/18 00:30:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/01/18 00:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/17 23:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/01/17 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/01/17 23:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/01/17 23:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/01/17 23:07:18 | 000,000,000 | ---D | C] -- C:\windows\SHELLNEW
[2011/01/17 23:06:55 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Microsoft Help
[2011/01/17 23:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/01/17 23:06:13 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/01/17 22:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/01/17 22:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/17 22:20:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/01/17 22:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/01/17 22:02:08 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\uTorrent
[2011/01/17 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/01/17 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Bluetooth Exchange Folder
[2011/01/17 20:56:50 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\skypePM
[2011/01/17 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Mozilla
[2011/01/17 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Mozilla
[2011/01/17 20:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/17 20:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/17 20:39:09 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Macromedia
[2011/01/17 20:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/01/17 20:26:59 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Adobe
[2011/01/17 20:14:37 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Skype
[2011/01/17 20:11:54 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\German
[2011/01/17 20:11:52 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Excercise
[2011/01/17 20:11:47 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Education & Other Articles
[2011/01/17 20:11:32 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Academics
[2011/01/17 20:11:29 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Writing
[2011/01/17 20:11:29 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Residency Applications
[2011/01/17 20:11:25 | 000,000,000 | R--D | C] -- C:\Users\NK\Documents\Philosophy and Literature Journal
[2011/01/17 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Misc
[2011/01/17 20:11:22 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Letters
[2011/01/17 20:00:19 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Google
[2011/01/17 20:00:18 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Google
[2011/01/17 19:56:51 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/01/17 19:56:51 | 000,000,000 | R--D | C] -- C:\Users\NK\Searches
[2011/01/17 19:56:51 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/01/17 19:56:50 | 000,000,000 | -H-D | C] -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/01/17 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Identities
[2011/01/17 19:56:36 | 000,000,000 | R--D | C] -- C:\Users\NK\Contacts
[2011/01/17 19:51:54 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2011/01/17 19:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/01/17 19:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/01/17 19:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/01/17 19:49:53 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2011/01/17 19:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/17 19:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/01/17 19:47:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/01/17 19:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/01/17 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/17 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/17 19:46:52 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/01/17 19:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/01/17 19:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\OberonGameConsole
[2011/01/17 19:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Pack
[2011/01/17 19:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2011/01/17 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Game Pack
[2011/01/17 19:39:32 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Adobe
[2011/01/17 19:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/01/17 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/17 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/17 19:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/01/17 19:34:20 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\VirtualStore
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\AppData\Local\Temporary Internet Files
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Templates
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Start Menu
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\SendTo
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Recent
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\PrintHood
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\NetHood
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Documents\My Videos
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Documents\My Pictures
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Documents\My Music
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\My Documents
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Local Settings
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\AppData\Local\History
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Cookies
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Application Data
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\AppData\Local\Application Data
[2011/01/17 19:34:17 | 000,000,000 | --SD | C] -- C:\Users\NK\AppData\Roaming\Microsoft
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Videos
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Saved Games
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Pictures
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Music
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Links
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Favorites
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Downloads
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\My Documents
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Desktop
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/01/17 19:34:17 | 000,000,000 | -H-D | C] -- C:\Users\NK\AppData
[2011/01/17 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Temp
[2011/01/17 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Microsoft
[2011/01/17 19:33:04 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/01/24 10:44:23 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/24 10:44:23 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/24 10:37:18 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/24 10:36:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/24 10:36:07 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/24 08:57:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/24 08:51:55 | 000,018,591 | ---- | M] () -- C:\Users\NK\Desktop\possible olmarok trmoval.docx
[2011/01/24 08:46:34 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\NK\Desktop\OTL.exe
[2011/01/22 14:44:53 | 000,619,642 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/22 14:44:53 | 000,107,792 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/01/20 21:13:29 | 000,297,816 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/19 00:42:56 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Oceanis Change Background W7.lnk
[2011/01/18 00:30:34 | 000,001,091 | ---- | M] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/17 22:19:38 | 165,817,365 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/01/17 20:56:51 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/01/17 20:47:25 | 000,001,909 | ---- | M] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/17 20:00:14 | 000,001,407 | ---- | M] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/17 19:51:50 | 000,020,534 | ---- | M] () -- C:\Users\NK\Documents\some beautiful sections from the third elegy.docx
[2011/01/17 19:47:32 | 000,010,467 | ---- | M] () -- C:\Users\NK\Documents\Research in Germany.docx
[2011/01/17 19:44:47 | 000,000,033 | ---- | M] () -- C:\windows\0
[2011/01/17 19:37:32 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/01/17 19:34:28 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_B30P_01KZ.mrk
[2011/01/17 18:32:20 | 000,105,807 | ---- | M] () -- C:\windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2011/01/24 08:45:15 | 000,296,448 | ---- | C] () -- C:\Users\NK\Desktop\gmer.exe
[2011/01/23 13:38:38 | 000,018,591 | ---- | C] () -- C:\Users\NK\Desktop\possible olmarok trmoval.docx
[2011/01/19 00:42:56 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oceanis Change Background W7.lnk
[2011/01/19 00:42:56 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Oceanis Change Background W7.lnk
[2011/01/18 21:16:38 | 650,890,664 | ---- | C] () -- C:\Users\NK\Documents\10,000 classical guitar scores.pdf
[2011/01/18 02:17:05 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/01/18 00:30:34 | 000,001,091 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/17 22:19:38 | 165,817,365 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/01/17 20:56:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/17 20:47:32 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/17 20:47:30 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/17 20:47:25 | 000,001,909 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/17 20:11:32 | 000,020,534 | ---- | C] () -- C:\Users\NK\Documents\some beautiful sections from the third elegy.docx
[2011/01/17 20:11:32 | 000,019,096 | ---- | C] () -- C:\Users\NK\Documents\some poems by Pessoa.docx
[2011/01/17 20:11:32 | 000,010,467 | ---- | C] () -- C:\Users\NK\Documents\Research in Germany.docx
[2011/01/17 20:11:31 | 000,321,861 | ---- | C] () -- C:\Users\NK\Documents\Naomi-submit-cra09.pdf
[2011/01/17 20:11:31 | 000,059,861 | ---- | C] () -- C:\Users\NK\Documents\Continuous.docx
[2011/01/17 20:11:31 | 000,051,712 | ---- | C] () -- C:\Users\NK\Documents\Naomi Kalfa updated resume (WITH VOL AND REF).doc
[2011/01/17 20:00:14 | 000,001,407 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/17 19:57:02 | 000,001,413 | ---- | C] () -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/01/17 19:56:24 | 000,562,718 | ---- | C] () -- C:\windows\surbey.ico
[2011/01/17 19:54:58 | 000,000,146 | ---- | C] () -- C:\Users\NK\DiskScrP.txt
[2011/01/17 19:44:47 | 000,000,033 | ---- | C] () -- C:\windows\0
[2011/01/17 19:40:05 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/01/17 19:39:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/01/17 19:34:53 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/01/17 19:34:28 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_B30P_01KZ.mrk
[2011/01/17 19:34:18 | 000,000,290 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/01/17 19:34:18 | 000,000,272 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/05/04 05:23:09 | 000,000,600 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/05/04 05:04:59 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009/09/28 04:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2011/01/19 20:38:00 | 000,000,000 | ---D | M] -- C:\Users\NK\AppData\Roaming\uTorrent
[2011/01/20 10:13:48 | 000,011,440 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >



AND here are the results of Extras.txt:
OTL Extras logfile created on: 1/24/2011 10:41:42 AM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\NK\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 404.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 41.00 Gb Total Space | 11.91 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive D: | 87.95 Gb Total Space | 65.83 Gb Free Space | 74.85% Space Free | Partition Type: NTFS

Computer Name: NK-PC | User Name: NK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-805004606-1057810730-124832903-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.8.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Picasa 3" = Picasa 3
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2011 10:22:47 PM | Computer Name = NK-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/17/2011 10:22:48 PM | Computer Name = NK-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/17/2011 10:24:29 PM | Computer Name = NK-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/17/2011 10:26:58 PM | Computer Name = NK-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\easy
display manager\RunGfxUI64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/17/2011 10:27:30 PM | Computer Name = NK-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/17/2011 10:27:31 PM | Computer Name = NK-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/17/2011 11:35:18 PM | Computer Name = NK-PC | Source = VSS | ID = 8193
Description =

Error - 1/17/2011 11:56:18 PM | Computer Name = NK-PC | Source = VSS | ID = 8193
Description =

Error - 1/18/2011 12:05:40 AM | Computer Name = NK-PC | Source = VSS | ID = 8193
Description =

Error - 1/18/2011 12:05:41 AM | Computer Name = NK-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 1/17/2011 8:34:07 PM | Computer Name = NK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 1/17/2011 9:30:41 PM | Computer Name = NK-PC | Source = Service Control Manager | ID = 7030
Description = The Eset Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/17/2011 10:03:02 PM | Computer Name = NK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 1/17/2011 11:13:00 PM | Computer Name = NK-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%776

Error - 1/17/2011 11:13:06 PM | Computer Name = NK-PC | Source = Service Control Manager | ID = 7000
Description = The Diagnostic System Host service failed to start due to the following
error: %%776

Error - 1/17/2011 11:16:55 PM | Computer Name = NK-PC | Source = DCOM | ID = 10010
Description =

Error - 1/17/2011 11:18:21 PM | Computer Name = NK-PC | Source = DCOM | ID = 10010
Description =

Error - 1/17/2011 11:20:21 PM | Computer Name = NK-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:18:10 PM on 17/01/2011 was unexpected.

Error - 1/17/2011 11:20:22 PM | Computer Name = NK-PC | Source = BugCheck | ID = 1001
Description =

Error - 1/17/2011 11:20:49 PM | Computer Name = NK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

Please let me know what else I should do.
Thanks again for your help!

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's take out what I can see and then see if your MBR is clean.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/01/17 19:44:47 | 000,000,033 | ---- | M] () -- C:\windows\0

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

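As an added illustration for readers of this thread (not part of the original posts, and not code from OldTimer's OTL tool), here is a small Python triage helper for the OTL Quick Scan log requested above. It walks the O1/O2/O4/O17 and SRV/DRV lines and flags what a helper reviews first: orphan registry entries, HOSTS redirects, DNS servers outside local ranges, and files with no publisher name. The sample log lines are constructed in OTL's format rather than taken from this thread, and the list of "local" resolver ranges is an assumption for a home LAN.

```python
import ipaddress
import re

# Constructed sample lines in OTL's format (not the log posted in this thread).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 www.example.com
O2 - BHO: (Example Safe Search) - {3CA2F312-0000-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-0000-49B4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\Vendor\FF_Protection.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.53
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
"""

# "Onn - <body>" registry-derived lines (O1 hosts, O2 BHOs, O4 autostarts, O17 DNS, ...)
O_LINE = re.compile(r"^(?P<tag>O\d+) - (?P<body>.*)$")
# "SRV - (name) [description] -- path (Company)", and the same shape for DRV lines
SVC_LINE = re.compile(
    r"^(?P<type>SRV|DRV) - \((?P<name>[^)]*)\).*?-- (?P<path>.*) \((?P<company>[^)]*)\)$"
)
HOSTS_LINE = re.compile(r"^Hosts: (?P<addr>\S+) (?P<host>\S+)$")
DNS_LINE = re.compile(r"(?:Dhcp)?NameServer = (?P<servers>.+)$")

# Assumption: resolvers a home router normally hands out live in these ranges;
# anything else is not necessarily bad, but deserves a second look.
LOCAL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "fc00::/7", "::1/128")
]


def is_local(addr_text):
    """True if addr_text parses as an IP address inside LOCAL_RANGES."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_RANGES)


def triage_line(line):
    """Classify one OTL line; returns (severity, reason) or None if unremarkable."""
    line = line.rstrip()
    m = O_LINE.match(line)
    if m:
        tag, body = m.group("tag"), m.group("body")
        if body.endswith("File not found"):
            return ("info", f"{tag}: entry points at a missing file (orphan, clean-up candidate)")
        if "No CLSID value found" in body:
            return ("info", f"{tag}: orphan CLSID reference")
        if tag == "O1":
            h = HOSTS_LINE.match(body)
            # Only the two localhost lines belong in a default Windows 7 HOSTS file.
            if h and h.group("host") != "localhost":
                return ("high", f"O1: HOSTS redirects {h.group('host')} to {h.group('addr')}")
        elif tag == "O17":
            d = DNS_LINE.search(body)
            if d:
                for server in re.split(r"[ ,]+", d.group("servers").strip()):
                    if not is_local(server):
                        return ("review", f"O17: DNS server {server} is outside local ranges; "
                                          "confirm it is the expected resolver")
        elif tag == "O4" and body.endswith("()"):
            return ("medium", f"O4: autostart with no publisher name: {body}")
        return None
    m = SVC_LINE.match(line)
    if m and not m.group("company").strip():
        return ("medium", f"{m.group('type')} {m.group('name')}: no publisher name on {m.group('path')}")
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result:
            findings.append(result)
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 2}."""
    counts = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}")
```

Entries it flags still need a human decision; an orphan "File not found" BHO is a leftover to clean, while a "review" DNS finding only says the resolver is not a LAN address.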

#5
nkk

    Member

  • Topic Starter
  • Member
  • 19 posts
Hello,

I ran OTL and then rebooted. Upon reboot, this file appeared:

All processes killed
Error: Unable to interpret <Quote> in the current context!
========== OTL ==========
C:\Windows\0 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\NK\Desktop\cmd.bat deleted successfully.
C:\Users\NK\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NK
->Temp folder emptied: 32029525 bytes
->Temporary Internet Files folder emptied: 23627324 bytes
->FireFox cache emptied: 95292490 bytes
->Flash cache emptied: 1333 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1689287 bytes
RecycleBin emptied: 187235 bytes

Total Files Cleaned = 146.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: NK
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.20.5 log created on 01262011_120206

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I then performed a Quick Scan with OTL, and here are the results:
OTL logfile created on: 1/26/2011 12:06:48 PM - Run 2
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\NK\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 319.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 41.00 Gb Total Space | 12.49 Gb Free Space | 30.47% Space Free | Partition Type: NTFS
Drive D: | 87.95 Gb Total Space | 65.83 Gb Free Space | 74.85% Space Free | Partition Type: NTFS

Computer Name: NK-PC | User Name: NK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\NK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)


========== Modules (SafeList) ==========

MOD - C:\Users\NK\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Elantech\ETDApix.dll (ELAN Microelectronics Corp.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (InstallFilterService) -- C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (Acceler) -- C:\Windows\System32\drivers\Acceler.sys (ST Microelectronics)
DRV - (stdflt) -- C:\windows\system32\DRIVERS\stdflt.sys (ST Microelectronics)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ETD) -- C:\Windows\System32\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (btwampfl) -- C:\Windows\System32\drivers\btwampfl.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aldaily.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/17 20:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 23:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/01/17 22:56:51 | 000,000,000 | ---D | M]

[2011/01/17 20:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NK\AppData\Roaming\Mozilla\Extensions
[2011/01/17 20:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NK\AppData\Roaming\Mozilla\Firefox\Profiles\qngmfxtz.default\extensions
[2011/01/17 20:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 12:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 12:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 12:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 12:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/26 12:02:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/26 12:02:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/26 08:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/01/24 08:46:00 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\NK\Desktop\OTL.exe
[2011/01/23 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Diagnostics
[2011/01/21 00:03:22 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\ESET
[2011/01/19 00:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Oceanis
[2011/01/19 00:39:00 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\WinRAR
[2011/01/19 00:38:59 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/01/19 00:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/01/19 00:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/01/19 00:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/01/18 23:58:50 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Youcam
[2011/01/18 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\vlc
[2011/01/18 02:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011/01/18 02:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/01/18 02:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/01/18 02:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011/01/18 00:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/01/18 00:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/01/18 00:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/01/18 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Malwarebytes
[2011/01/18 00:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/18 00:30:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/01/18 00:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/18 00:30:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/01/18 00:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/17 23:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/01/17 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/01/17 23:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/01/17 23:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/01/17 23:07:18 | 000,000,000 | ---D | C] -- C:\windows\SHELLNEW
[2011/01/17 23:06:55 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Microsoft Help
[2011/01/17 23:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/01/17 23:06:13 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/01/17 22:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/01/17 22:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/17 22:20:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/01/17 22:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/01/17 22:02:08 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\uTorrent
[2011/01/17 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/01/17 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Bluetooth Exchange Folder
[2011/01/17 20:56:50 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\skypePM
[2011/01/17 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Mozilla
[2011/01/17 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Mozilla
[2011/01/17 20:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/17 20:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/17 20:39:09 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Macromedia
[2011/01/17 20:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/01/17 20:26:59 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Adobe
[2011/01/17 20:14:37 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Skype
[2011/01/17 20:11:54 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\German
[2011/01/17 20:11:52 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Excercise
[2011/01/17 20:11:47 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Education & Other Articles
[2011/01/17 20:11:32 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Academics
[2011/01/17 20:11:29 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Writing
[2011/01/17 20:11:29 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Residency Applications
[2011/01/17 20:11:25 | 000,000,000 | R--D | C] -- C:\Users\NK\Documents\Philosophy and Literature Journal
[2011/01/17 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Misc
[2011/01/17 20:11:22 | 000,000,000 | ---D | C] -- C:\Users\NK\Documents\Letters
[2011/01/17 20:00:19 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Google
[2011/01/17 20:00:18 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Google
[2011/01/17 19:56:51 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/01/17 19:56:51 | 000,000,000 | R--D | C] -- C:\Users\NK\Searches
[2011/01/17 19:56:51 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/01/17 19:56:50 | 000,000,000 | -H-D | C] -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/01/17 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Identities
[2011/01/17 19:56:36 | 000,000,000 | R--D | C] -- C:\Users\NK\Contacts
[2011/01/17 19:51:54 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2011/01/17 19:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/01/17 19:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/01/17 19:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/01/17 19:49:53 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2011/01/17 19:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/17 19:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/01/17 19:47:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/01/17 19:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/01/17 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/17 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/17 19:46:52 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/01/17 19:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/01/17 19:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\OberonGameConsole
[2011/01/17 19:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Pack
[2011/01/17 19:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2011/01/17 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Game Pack
[2011/01/17 19:39:32 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Adobe
[2011/01/17 19:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/01/17 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/17 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/17 19:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/01/17 19:34:20 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\VirtualStore
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\AppData\Local\Temporary Internet Files
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Templates
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Start Menu
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\SendTo
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Recent
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\PrintHood
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\NetHood
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Documents\My Videos
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Documents\My Pictures
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Documents\My Music
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\My Documents
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Local Settings
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\AppData\Local\History
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Cookies
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\Application Data
[2011/01/17 19:34:18 | 000,000,000 | -HSD | C] -- C:\Users\NK\AppData\Local\Application Data
[2011/01/17 19:34:17 | 000,000,000 | --SD | C] -- C:\Users\NK\AppData\Roaming\Microsoft
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Videos
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Saved Games
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Pictures
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Music
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Links
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Favorites
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Downloads
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\My Documents
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\Desktop
[2011/01/17 19:34:17 | 000,000,000 | R--D | C] -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/01/17 19:34:17 | 000,000,000 | -H-D | C] -- C:\Users\NK\AppData
[2011/01/17 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Temp
[2011/01/17 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\NK\AppData\Local\Microsoft
[2011/01/17 19:33:04 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/01/26 12:04:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/26 12:03:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/26 12:03:30 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/26 12:02:14 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/01/26 11:57:33 | 001,077,123 | ---- | M] () -- C:\Users\NK\Documents\Luneberg Stadtplan_DS.pdf
[2011/01/26 11:57:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/26 11:46:15 | 000,360,915 | ---- | M] () -- C:\Users\NK\Desktop\possible olmarok trmoval.docx
[2011/01/26 11:46:01 | 000,014,687 | ---- | M] () -- C:\Users\NK\Documents\!Letters to respond to!.docx
[2011/01/26 08:19:01 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/26 08:19:01 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/24 08:46:34 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\NK\Desktop\OTL.exe
[2011/01/22 14:44:53 | 000,619,642 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/22 14:44:53 | 000,107,792 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/01/20 21:13:29 | 000,297,816 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/19 00:42:56 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Oceanis Change Background W7.lnk
[2011/01/18 00:30:34 | 000,001,091 | ---- | M] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/17 22:19:38 | 165,817,365 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/01/17 20:56:51 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/01/17 20:47:25 | 000,001,909 | ---- | M] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/17 20:00:14 | 000,001,407 | ---- | M] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/17 19:51:50 | 000,020,534 | ---- | M] () -- C:\Users\NK\Documents\some beautiful sections from the third elegy.docx
[2011/01/17 19:47:32 | 000,010,467 | ---- | M] () -- C:\Users\NK\Documents\Research in Germany.docx
[2011/01/17 19:37:32 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/01/17 19:34:28 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_B30P_01KZ.mrk
[2011/01/17 18:32:20 | 000,105,807 | ---- | M] () -- C:\windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2011/01/26 11:57:33 | 001,077,123 | ---- | C] () -- C:\Users\NK\Documents\Luneberg Stadtplan_DS.pdf
[2011/01/25 11:47:43 | 000,014,687 | ---- | C] () -- C:\Users\NK\Documents\!Letters to respond to!.docx
[2011/01/24 08:45:15 | 000,296,448 | ---- | C] () -- C:\Users\NK\Desktop\gmer.exe
[2011/01/23 13:38:38 | 000,360,915 | ---- | C] () -- C:\Users\NK\Desktop\possible olmarok trmoval.docx
[2011/01/19 00:42:56 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oceanis Change Background W7.lnk
[2011/01/19 00:42:56 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Oceanis Change Background W7.lnk
[2011/01/18 21:16:38 | 650,890,664 | ---- | C] () -- C:\Users\NK\Documents\10,000 classical guitar scores.pdf
[2011/01/18 02:17:05 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/01/18 00:30:34 | 000,001,091 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/17 22:19:38 | 165,817,365 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/01/17 20:56:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/17 20:47:32 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/17 20:47:30 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/17 20:47:25 | 000,001,909 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/17 20:11:32 | 000,020,534 | ---- | C] () -- C:\Users\NK\Documents\some beautiful sections from the third elegy.docx
[2011/01/17 20:11:32 | 000,019,096 | ---- | C] () -- C:\Users\NK\Documents\some poems by Pessoa.docx
[2011/01/17 20:11:32 | 000,010,467 | ---- | C] () -- C:\Users\NK\Documents\Research in Germany.docx
[2011/01/17 20:11:31 | 000,321,861 | ---- | C] () -- C:\Users\NK\Documents\Naomi-submit-cra09.pdf
[2011/01/17 20:11:31 | 000,059,861 | ---- | C] () -- C:\Users\NK\Documents\Continuous.docx
[2011/01/17 20:11:31 | 000,051,712 | ---- | C] () -- C:\Users\NK\Documents\Naomi Kalfa updated resume (WITH VOL AND REF).doc
[2011/01/17 20:00:14 | 000,001,407 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/17 19:57:02 | 000,001,413 | ---- | C] () -- C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/01/17 19:56:24 | 000,562,718 | ---- | C] () -- C:\windows\surbey.ico
[2011/01/17 19:54:58 | 000,000,146 | ---- | C] () -- C:\Users\NK\DiskScrP.txt
[2011/01/17 19:40:05 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/01/17 19:39:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/01/17 19:34:53 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/01/17 19:34:28 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_B30P_01KZ.mrk
[2011/01/17 19:34:18 | 000,000,290 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/01/17 19:34:18 | 000,000,272 | ---- | C] () -- C:\Users\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/05/04 05:23:09 | 000,000,600 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/05/04 05:04:59 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009/09/28 04:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2011/01/19 20:38:00 | 000,000,000 | ---D | M] -- C:\Users\NK\AppData\Roaming\uTorrent
[2011/01/20 10:13:48 | 000,011,694 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

I ran the TDSSKiller scan, and here are the results:
2011/01/26 16:17:48.0929 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/26 16:17:48.0929 ================================================================================
2011/01/26 16:17:48.0929 SystemInfo:
2011/01/26 16:17:48.0929
2011/01/26 16:17:48.0929 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/26 16:17:48.0929 Product type: Workstation
2011/01/26 16:17:48.0929 ComputerName: NK-PC
2011/01/26 16:17:48.0929 UserName: NK
2011/01/26 16:17:48.0929 Windows directory: C:\windows
2011/01/26 16:17:48.0929 System windows directory: C:\windows
2011/01/26 16:17:48.0929 Processor architecture: Intel x86
2011/01/26 16:17:48.0929 Number of processors: 2
2011/01/26 16:17:48.0929 Page size: 0x1000
2011/01/26 16:17:48.0929 Boot type: Normal boot
2011/01/26 16:17:48.0929 ================================================================================
2011/01/26 16:17:50.0489 Initialize success
2011/01/26 16:17:53.0172 ================================================================================
2011/01/26 16:17:53.0172 Scan started
2011/01/26 16:17:53.0172 Mode: Manual;
2011/01/26 16:17:53.0172 ================================================================================
2011/01/26 16:17:54.0670 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/01/26 16:17:54.0810 Acceler (37ff6f2b5d4f15248814002265d61b01) C:\windows\system32\DRIVERS\Acceler.sys
2011/01/26 16:17:55.0060 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/26 16:17:55.0138 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/01/26 16:17:55.0247 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/01/26 16:17:55.0434 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/01/26 16:17:55.0543 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/01/26 16:17:55.0715 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/01/26 16:17:55.0855 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/01/26 16:17:55.0964 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/01/26 16:17:56.0152 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/01/26 16:17:56.0230 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/01/26 16:17:56.0370 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/01/26 16:17:56.0557 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/26 16:17:56.0666 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/01/26 16:17:56.0760 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/01/26 16:17:57.0758 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/01/26 16:18:00.0254 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/01/26 16:18:00.0364 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/01/26 16:18:00.0613 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/01/26 16:18:00.0707 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/01/26 16:18:00.0816 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/26 16:18:01.0003 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/01/26 16:18:01.0346 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/01/26 16:18:01.0440 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/01/26 16:18:01.0768 BCM43XX (f4d388dc3ff004aee886762d5cec7783) C:\windows\system32\DRIVERS\bcmwl6.sys
2011/01/26 16:18:02.0017 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/01/26 16:18:02.0204 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/01/26 16:18:02.0298 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/01/26 16:18:02.0407 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/01/26 16:18:02.0563 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/01/26 16:18:02.0704 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/01/26 16:18:02.0797 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/01/26 16:18:02.0953 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/01/26 16:18:03.0047 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/01/26 16:18:03.0140 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/01/26 16:18:03.0296 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/26 16:18:03.0406 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/01/26 16:18:03.0530 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/01/26 16:18:03.0702 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/01/26 16:18:03.0827 btwampfl (7061fe1715e5aded120fe4c608609357) C:\windows\system32\drivers\btwampfl.sys
2011/01/26 16:18:03.0952 btwaudio (a95b2fb3ca7b555b5cb306153f48ced8) C:\windows\system32\drivers\btwaudio.sys
2011/01/26 16:18:04.0061 btwavdt (1f9cd885f1c548be93962ccabdb632e4) C:\windows\system32\DRIVERS\btwavdt.sys
2011/01/26 16:18:04.0217 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/01/26 16:18:04.0310 btwrchid (a2d6c7b7b62a6c42dcb01204a6bd6fc2) C:\windows\system32\DRIVERS\btwrchid.sys
2011/01/26 16:18:04.0435 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/26 16:18:04.0622 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/26 16:18:04.0747 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/01/26 16:18:04.0872 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/01/26 16:18:05.0044 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/26 16:18:05.0153 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/01/26 16:18:05.0231 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/01/26 16:18:05.0293 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/26 16:18:05.0465 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/01/26 16:18:05.0605 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/01/26 16:18:05.0902 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/01/26 16:18:06.0026 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/01/26 16:18:06.0120 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/01/26 16:18:06.0401 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/01/26 16:18:06.0526 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/26 16:18:06.0728 eamonm (73ce42907cf42bfb91bcd27fe7c7a7af) C:\windows\system32\DRIVERS\eamonm.sys
2011/01/26 16:18:06.0978 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/01/26 16:18:07.0290 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\windows\system32\DRIVERS\ehdrv.sys
2011/01/26 16:18:07.0602 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\windows\system32\Drivers\ElbyCDIO.sys
2011/01/26 16:18:07.0727 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/01/26 16:18:07.0914 epfwwfpr (96f9030ca15a8d2e8d44e53c1f0e842d) C:\windows\system32\DRIVERS\epfwwfpr.sys
2011/01/26 16:18:08.0023 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/01/26 16:18:08.0226 ETD (df4f000cfc05dec947d928a8f3adcd7a) C:\windows\system32\DRIVERS\ETD.sys
2011/01/26 16:18:08.0429 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/01/26 16:18:08.0538 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/01/26 16:18:08.0756 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/01/26 16:18:08.0928 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/01/26 16:18:09.0053 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/01/26 16:18:09.0162 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/26 16:18:09.0256 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/01/26 16:18:09.0412 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/01/26 16:18:09.0614 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
2011/01/26 16:18:09.0739 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/26 16:18:10.0036 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/01/26 16:18:10.0192 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/01/26 16:18:10.0363 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/01/26 16:18:10.0504 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/01/26 16:18:10.0597 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/26 16:18:10.0660 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/01/26 16:18:10.0816 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/01/26 16:18:10.0894 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/01/26 16:18:10.0987 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/26 16:18:11.0206 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/01/26 16:18:11.0315 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/01/26 16:18:11.0455 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/01/26 16:18:11.0533 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/26 16:18:11.0705 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/01/26 16:18:11.0814 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/01/26 16:18:12.0188 igfx (99469637d568076ea5664daa8463c2e3) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/01/26 16:18:12.0485 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/01/26 16:18:12.0875 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys
2011/01/26 16:18:13.0140 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/01/26 16:18:13.0202 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/26 16:18:13.0312 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/26 16:18:13.0499 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/01/26 16:18:13.0577 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/01/26 16:18:13.0655 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/01/26 16:18:13.0795 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/26 16:18:13.0904 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/26 16:18:14.0045 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/26 16:18:14.0123 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/26 16:18:14.0216 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/01/26 16:18:14.0310 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/01/26 16:18:14.0575 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/26 16:18:14.0716 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/01/26 16:18:14.0809 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/01/26 16:18:14.0887 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/01/26 16:18:15.0028 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/01/26 16:18:15.0106 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/01/26 16:18:15.0184 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/01/26 16:18:15.0324 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/01/26 16:18:15.0464 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/01/26 16:18:15.0542 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/01/26 16:18:15.0698 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/26 16:18:15.0776 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/26 16:18:15.0854 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/01/26 16:18:15.0948 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/01/26 16:18:16.0073 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/01/26 16:18:16.0182 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/01/26 16:18:16.0276 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/26 16:18:16.0400 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/26 16:18:16.0478 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/26 16:18:16.0556 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/01/26 16:18:16.0634 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/01/26 16:18:16.0822 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/01/26 16:18:16.0884 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/01/26 16:18:16.0962 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/01/26 16:18:17.0071 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/26 16:18:17.0196 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/26 16:18:17.0290 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/01/26 16:18:17.0368 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/01/26 16:18:17.0461 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/26 16:18:17.0555 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/01/26 16:18:17.0633 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/01/26 16:18:17.0758 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/01/26 16:18:17.0882 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/01/26 16:18:17.0992 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/01/26 16:18:18.0132 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/01/26 16:18:18.0194 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/26 16:18:18.0288 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/26 16:18:18.0397 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/26 16:18:33.0919 ================================================================================
2011/01/26 16:18:33.0919 Scan finished
2011/01/26 16:18:33.0919 ================================================================================


Thanks!
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK 'tis not the usual variant then

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
nkk

nkk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

After disabling my antivirus, I ran ComboFix.
Here are the results:
ComboFix 11-01-24.01 - NK 27/01/2011 9:07.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1013.321 [GMT -5:00]
Running from: c:\users\NK\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-27 14:25 . 2011-01-27 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-27 13:59 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-27 13:59 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-27 13:56 . 2011-01-27 13:56 -------- d-----w- c:\program files\iPod
2011-01-27 13:56 . 2011-01-27 13:59 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-27 13:50 . 2011-01-27 13:50 -------- d-----w- c:\programdata\Apple
2011-01-26 17:02 . 2011-01-26 17:02 -------- d-----w- C:\_OTL
2011-01-25 13:06 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18F897B3-A717-4F49-B420-80869FC4C539}\mpengine.dll
2011-01-25 11:28 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-01-19 15:23 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-19 15:23 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-19 15:23 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-19 15:23 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-19 15:23 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-19 09:14 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-01-19 05:42 . 2011-01-19 05:42 -------- d-----w- c:\program files\Oceanis
2011-01-19 05:24 . 2011-01-19 05:24 -------- d-----w- c:\programdata\CyberLink
2011-01-19 05:04 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-19 05:00 . 2011-01-19 05:00 -------- d-----w- c:\users\Public\CyberLink
2011-01-19 05:00 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-01-19 05:00 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-01-19 05:00 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-01-19 05:00 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-01-19 04:59 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-01-19 04:59 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-01-19 04:59 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-01-19 04:59 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-01-19 04:59 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-01-19 04:59 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-01-19 02:55 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-01-19 02:55 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-01-19 02:55 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-01-19 02:55 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-01-19 02:55 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-01-19 02:55 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-01-19 02:55 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-01-19 02:55 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-01-19 02:55 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-01-19 02:55 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-01-19 02:55 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-01-19 02:53 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-01-19 02:53 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-19 02:53 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-19 02:53 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-01-19 02:53 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-19 02:53 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-19 02:52 . 2010-10-19 15:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-18 07:17 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-01-18 07:16 . 2011-01-18 07:17 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-01-18 07:04 . 2011-01-18 07:04 -------- d-----w- c:\program files\Elaborate Bytes
2011-01-18 05:55 . 2011-01-18 05:55 -------- d-----w- c:\program files\VideoLAN
2011-01-18 05:30 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-18 05:30 . 2011-01-18 05:30 -------- d-----w- c:\programdata\Malwarebytes
2011-01-18 05:30 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 05:30 . 2011-01-18 05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-18 04:12 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-01-18 04:12 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-01-18 04:10 . 2011-01-18 04:10 -------- d-----w- c:\program files\Microsoft Works
2011-01-18 04:07 . 2011-01-18 04:07 -------- d-----w- c:\windows\SHELLNEW
2011-01-18 04:06 . 2011-01-18 04:12 -------- d-----w- c:\programdata\Microsoft Help
2011-01-18 04:06 . 2011-01-18 04:06 -------- d-----r- C:\MSOCache
2011-01-18 03:56 . 2011-01-18 03:56 -------- d-----w- c:\program files\ESET
2011-01-18 03:03 . 2011-01-18 03:03 -------- d-----w- c:\program files\uTorrent
2011-01-18 02:06 . 2011-01-18 07:47 -------- d-----w- c:\programdata\Rosetta Stone
2011-01-18 01:37 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-01-18 01:37 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-01-18 00:51 . 2011-01-18 00:51 -------- d-----w- c:\program files\CyberLink
2011-01-18 00:50 . 2011-01-26 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2011-01-18 00:49 . 2009-08-06 03:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-18 00:49 . 2011-01-27 13:59 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-18 00:48 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-01-18 00:48 . 2011-01-18 00:48 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-18 00:47 . 2011-01-18 00:47 -------- d-----w- c:\program files\Microsoft
2011-01-18 00:47 . 2011-01-18 00:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-01-18 00:47 . 2011-01-18 00:49 -------- d-----w- c:\program files\Windows Live
2011-01-18 00:46 . 2011-01-18 00:46 -------- d-----w- c:\windows\PCHEALTH
2011-01-18 00:45 . 2011-01-18 00:45 -------- d-----w- c:\program files\Common Files\Windows Live
2011-01-18 00:44 . 2011-01-18 00:44 -------- d-----w- c:\programdata\OberonGameConsole
2011-01-18 00:40 . 2011-01-18 00:40 -------- d-----w- c:\program files\Common Files\Oberon Media
2011-01-18 00:39 . 2011-01-23 20:45 -------- d-----w- c:\program files\Game Pack
2011-01-18 00:39 . 2011-01-18 00:39 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-18 00:37 . 2010-03-06 02:03 286248 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2011-01-18 00:37 . 2010-03-02 07:37 33320 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2011-01-18 00:37 . 2010-02-15 12:04 88104 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-01-18 00:37 . 2010-01-14 07:40 111144 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-01-18 00:37 . 2010-01-14 07:40 18728 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-01-18 00:34 . 2011-01-18 00:34 -------- d-----w- c:\program files\WIDCOMM
2011-01-18 00:34 . 2011-01-18 00:56 -------- d-----w- c:\users\NK
2011-01-18 00:33 . 2011-01-18 00:33 -------- d-----w- C:\Recovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-19 15:32 . 2009-07-14 00:01 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-04 10:22 433648 ----a-w- c:\programdata\Partner\Partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2010-04-23 1208320]
"NortonOnlineBackup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 926040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-7 828704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 135664]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-04-23 60928]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-05-04 332272]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2010-04-23 16176]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2010-04-23 42416]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 286248]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 109056]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 01:47]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 01:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\NK\AppData\Roaming\Mozilla\Firefox\Profiles\qngmfxtz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aldaily.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3900)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-01-27 09:32:38
ComboFix-quarantined-files.txt 2011-01-27 14:32

Pre-Run: 11,863,756,800 bytes free
Post-Run: 11,783,012,352 bytes free

- - End Of File - - C30A32F94C2CA08C1CA0FC14127E3926

Thank you.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still occurring? Do you use a router? Are the redirects in Firefox, IE or both?
  • 0

#9
nkk

nkk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

The redirects have stopped occurring. They were occurring in both Firefox and IE. I am plugged in with a DSL cable. Although the redirects have stopped, my internet has become exceedingly slow, and opening both Firefox and IE is taking a very long time - a problem which has only just developed. Do you think these two are connected? Are the logs I submitted coming back clean?

Thanks!
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The logs appear clean - so let's do a little TLC before I remove my tools and then see whether your operational speed improves

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

THEN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

  • 0


#11
nkk

nkk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,


I ran both the TFC and the Puran, and things seem to be a bit better now. Is there anything else you would recommend I do? Or shall I just remove all the programs I downloaded for these fixes?

Thank you!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me remove my tools for you ;)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so. The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL again and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go to Start > All programs > Accessories > System Tools
  • Select Performance Information and Tools
  • Right click Disk Cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
  • 0
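The [resethosts] step above replaces the Windows hosts file with a default one. As an added example (not part of this thread and not OTL's own code), the following Python parses a hosts file in the same format and reports the non-default entries that can produce the kind of browser redirects described earlier in the thread; the sample hosts text is constructed for illustration.

```python
"""Report non-default entries in a Windows-style hosts file.

Added example for this thread, not OTL's own code: OTL's [resethosts] simply
replaces the hosts file with a default one, whereas this script shows what a
non-default hosts file contains, so the cause of a browser redirect is visible
before the file is reset. SAMPLE_HOSTS below is constructed for illustration.
"""
import ipaddress
from typing import List, Tuple

# Names that a stock Windows hosts file maps to loopback; these are not suspicious.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the standard Microsoft header plus three non-default lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid
198.51.100.23   www.google.com    # constructed: search engine pointed elsewhere
127.0.0.1       update.example.invalid
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, one per hostname, ignoring comments."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def classify(addr: str, name: str) -> str:
    """Label one hosts entry.

    default    - loopback/unspecified address for a stock hostname
    blocked    - any other hostname sent to loopback or 0.0.0.0 (the host
                 becomes unreachable; ad-blocking lists do this legitimately,
                 malware does it to security vendors' update servers)
    redirected - hostname sent to a real address (classic redirect hijack)
    malformed  - address does not parse
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    sink = ip.is_loopback or ip.is_unspecified
    if sink and name in DEFAULT_NAMES:
        return "default"
    if sink:
        return "blocked"
    return "redirected"


def non_default_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (address, hostname, verdict) for every entry that is not a default."""
    findings: List[Tuple[str, str, str]] = []
    for addr, name in parse_hosts(text):
        verdict = classify(addr, name)
        if verdict != "default":
            findings.append((addr, name, verdict))
    return findings


if __name__ == "__main__":
    # Runs against the constructed sample; to check a real machine, read
    # C:\Windows\System32\drivers\etc\hosts and pass its contents instead.
    for addr, name, verdict in non_default_entries(SAMPLE_HOSTS):
        print(f"{verdict:10} {name} -> {addr}")
```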

#13
nkk

nkk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

I ran OTL and pasted your commands into the custom box, then hit Run Fix, and rebooted.
Here are the results:
All processes killed
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NK
->Temp folder emptied: 3395 bytes
->Temporary Internet Files folder emptied: 35596 bytes
->FireFox cache emptied: 32734974 bytes
->Flash cache emptied: 574 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: NK
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.5 log created on 01292011_210858

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




I then ran the cleanup, and all of the programs were deleted, except for TFC and Puran. Shall I delete TFC? And would you recommend leaving Puran? ERUNT is not on my computer, and MBAM (I believe this is referring to Malware Bytes AntiMalware?) I will definitely keep, as it's a valuable tool to have.

I completed the "Spring Cleaning" as per your specifications.

Does everything look good now?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would recommend that you keep Puran (better than the windows defrag) and TFC. Use them both every week or so to keep the system clean and tidy

But, subject to no further problems you are good to go :D
  • 0

#15
nkk

nkk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey,

Sounds good. Thank you very much for all your help and patience - I really appreciate it!

Cheers!

-Naomi
  • 0
