
SMSS.exe Virus Problem


  • This topic is locked

#1
Dom Fontana

    Member

  • Member
  • 170 posts
Hello. I hope that someone can help me with my problem.

Brief Background: Two weeks ago, I was infected with the MS Removal Tool Virus. I read how to get rid of it and did, and that appears okay now. Then, about 10 days later, I started having different problems. I ran AVG Anti Virus 2011 Free Edition and it found the KRYPTIK Trojan and I was able to get rid of that, too. I am NOT having problems with these threats now, but I just mention them, in case they are a factor.

Current Problem: I believe I have the SMSS.exe Virus/Malware problem now. I read up on it, but it appears there is no one way to fix it. Everybody suggested different things.

Symptoms:

1) Internet Explorer is behaving very poorly and I am constantly redirected. If I do a Search and then click on one of the results in the Search window, I am redirected. If I use one of my Favorites links, I am sometimes redirected. If I type the URL in myself, I am not redirected. I occasionally get pop-up ads, but not that often. In addition, everything runs very slowly and there is a delayed reaction when I click on something. Also, when I open a new Tab, sometimes the Tab opens, but is grayed out and I can't select it. Finally, IE occasionally locks up and I have to use Task Manager to close it.

Note that my problems started right after I upgraded to Internet Explorer 9. I didn't like the new version anyway and have now uninstalled the upgrade and am using Internet Explorer 8 again. Also, I tried using Firefox and that was fine for a day and then it also got infected.

2) The Windows Security Center Service was turned off and I am not able to turn it back on.

3) My system occasionally crashes in the middle of a session and reboots. I had never had this problem before.

4) I am not able to Shut Down my computer properly. When I select Shut Down, sometimes, but not always, it says a program is preventing the Shut Down and asks me if I want to force a Shut Down. Then when it finally does shut down, the power to the computer is not turned off, the way it is supposed to. Instead, it shuts down and then immediately reboots, as if I had selected Restart. So I have to manually turn the power off. Then the next time I start the computer, I get the boot screen that says Windows didn't properly shut down and gives me the option to boot in Safe Mode.

What I did: I ran AVG Anti-Virus 2011 Free Edition and it found 12 threats, however, it can only get rid of 6 of them. Each threat has 2 parts and the second part is in memory and those are the ones it can't get rid of. Here is an example of what I mean:

4 of the 12 Threats: (The other threats are similar.)

C:\Windows\system32\smss.exe(384)
C:\Windows\system32\smss.exe(384):\memory_00110000

C:\Windows\Explorer.exe(2096)
C:\Windows\Explorer.exe(2096):\memory_00010000

I have 12 threats like these and AVG gets rid of the first threat of the pair, but not the second threat, where it says memory. For the memory threats it says, "Object is inaccessible." So it gets rid of 6 of the threats and leaves the 6 threats that say memory intact. Of course, after I reboot, it replicates itself and a scan shows the same 12 threats again. So I still have the problem.

Then I used Malwarebytes Anti-Malware and it just found 9 Adware Agents and Adware.Ziniky and got rid of them.

I also used Advanced SystemCare 4 and that didn't get rid of it.

I am using Windows 7 Ultimate - 32 bit and Internet Explorer 8.

The bottom line is that I still have the problem and would like to know how to get rid of it. As you can see from above, I need to get rid of the memory threats.

Any help would be appreciated and let me know if you need more information.

Thank you very much.

Dominick J. Fontana

Edited by Dom Fontana, 30 April 2011 - 06:32 AM.

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first I will need to see what is on your system.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0
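As an added example (not code from this thread, and not part of the OTL tool itself), here is a small Python triage helper for the kind of OTL log the moderator asks for above. It parses the PRC/SRV/DRV entries OTL prints, splits out publisher, start type and path, and flags the entries a reviewer would look at first: no company name in the version info, a service registered but its file not found, an auto-starting service or driver with no publisher, or a binary running from a user-writable directory. The sample log is a handful of lines taken from the log posted later in this thread plus one constructed line (the `updater.exe` entry under AppData); the `USER_WRITABLE` list and the flag wording are my own choices, not something OTL defines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Added triage helper for OTL log lines (not OTL's own code). The flags it
# produces are review hints for a human reader, not malware verdicts.

# One OTL entry, e.g.
#   PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
#   SRV - [...] (IObit) [Auto | Running] -- D:\...\ASCService.exe -- (AdvancedSystemCareService)
#   DRV - [...] () [Kernel | Boot | Running] -- C:\...\sptd.sys -- (sptd)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| [-\w]+ \| \w\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<svc>[^\]]+)\])?"          # [Auto | Running] or [Kernel | Boot | Running]
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# A service whose registered binary no longer exists on disk.
MISSING_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV) - File not found.* -- \((?P<name>[^)]*)\)$")

# Directories any user account can write to (assumption: my own list).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str
    path: Optional[str]          # None when OTL reported "File not found"
    company: str = ""
    name: str = ""               # service/driver name, empty for PRC
    size: int = 0
    start: str = ""              # Auto / Boot / System / On_Demand / Disabled
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for headers, blanks and non-entry lines."""
    line = line.strip()
    m = LINE_RE.match(line)
    if m:
        # For SRV the bracket is [start | state]; for DRV it is [type | start | state].
        parts = [p.strip() for p in (m["svc"] or "").split("|")]
        start = parts[-2] if len(parts) >= 2 else ""
        return Entry(
            kind=m["kind"],
            path=m["path"],
            company=(m["company"] or "").strip(),
            name=(m["name"] or "").strip(),
            size=int(m["size"].replace(",", "")),
            start=start,
        )
    m = MISSING_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path=None, name=m["name"].strip())
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags to a parsed entry (heuristics, not verdicts)."""
    if entry.path is None:
        entry.flags.append("registered but file not found (orphaned or removed)")
        return entry
    lowered = entry.path.lower()
    if not entry.company:
        entry.flags.append("no company name in version info")
    if any(d in lowered for d in USER_WRITABLE):
        entry.flags.append("runs from a user-writable location")
    if entry.kind in ("SRV", "DRV") and entry.start.lower() in ("auto", "boot", "system") \
            and not entry.company:
        entry.flags.append("auto-starting with no publisher")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every PRC/SRV/DRV line in an OTL log and return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Sample log: lines from the log posted in this thread, plus one constructed
# line (updater.exe under AppData) to show the user-writable-location flag.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgtray.exe
PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2011/04/01 00:00:00 | 000,045,056 | ---- | M] () -- C:\Users\Example\AppData\Roaming\updater.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IS360service)
SRV - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
DRV - [2011/01/20 06:08:43 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.path or e.name}: {'; '.join(e.flags)}")
```

The flags are hints, not verdicts: OTL.exe itself is flagged because it sits on the Desktop, and plenty of legitimate installers ship binaries with no version information (the Samsung PanelMgr entry in the log posted below is one such case), so each flagged path still has to be checked against a known-good copy or the vendor's own download before anything is removed.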

#3
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Hi, Essexboy.

I am honored that a Moderator answered me. Your directions were great and both scans worked like a charm.

Just note that I have a 500 GB hard drive, with 3 partitions. C is for the Win 7 OS; D is for my Programs; and E is for my Data.

I have attached the 3 reports below.

Thanks very much for your help. I appreciate it.

Dominick

OTL logfile created on: 4/30/2011 11:23:49 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dominick J. Fontana\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 7.28 Gb Free Space | 16.09% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 37.99 Gb Free Space | 15.58% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 60.47 Gb Free Space | 34.22% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgchsvx.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgcsrvx.exe
PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2001/11/09 02:47:50 | 000,356,352 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2001/11/09 08:13:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IS360service)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/01/08 13:07:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programs\AVG9\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/28 06:22:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/20 06:08:43 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010/02/13 08:23:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/13 08:23:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/25 21:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 21:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/09/26 16:58:54 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2007/08/12 22:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/02/20 18:36:24 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CGY012.sys -- (CGY012)
DRV - [2004/10/26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programs\Fresh Devices\Fresh Diagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60280
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60280


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc12.mail.....jsrand=4525738
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7B 18 41 E6 5A CA 01 [binary data]
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1108.mai...rand=587317658"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.126
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/08 11:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Programs\AVG9\Firefox\ [2011/01/01 22:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Programs\AVG9\Firefox4\ [2011/04/05 02:56:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/04/26 12:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/04/26 12:46:45 | 000,000,000 | ---D | M]

[2011/01/08 12:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions
[2010/01/10 03:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 06:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/28 04:28:25 | 000,001,620 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\searchplugins\mozilla-add-ons.xml

Hosts file not found
O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programs\Fresh Devices\FreshDownload\fdcatch.dll (FreshDevices Corp.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programs\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4fd1fc28-2a96-493c-9556-5477d34ccece} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programs\Fresh Devices\FreshDownload\fdiebar.dll (FreshDevices Corp.)
O3 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] D:\Programs\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000..\Run: [DAEMON Tools Pro Agent] D:\Programs\Daemon Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FreshDownload - {55058DA0-D957-449D-8E5C-BFBA08E46B3F} - D:\Programs\Fresh Devices\FreshDownload\fd.exe (FreshDevices.com.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268383829468 (MUCatalogWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programs\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 09:38:31 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 08:05:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 09:54:29 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (D:\Programs\AVG9\avgchsvx.exe /sync) - D:\Programs\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (D:\Programs\AVG9\avgrsx.exe /sync /restart) - D:\Programs\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 11:18:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
[2011/04/30 11:18:24 | 000,574,464 | ---- | C] (AVAST Software) -- C:\Users\Dominick J. Fontana\Desktop\aswMBR.exe
[2011/04/30 05:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\Windows\Dream Chronicles 2 - The Eternal Maze
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2011/04/28 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
[2011/04/28 07:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 07:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/28 07:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/28 07:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/26 12:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Top Evidence
[2011/04/23 08:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\mAp01804bMjCc01804_Virus
[2011/04/22 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/04/19 12:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2011/04/17 14:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\nJk01803bApPi01803
[2011/04/17 05:40:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/04/17 05:40:18 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/16 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SunRay Games
[2011/04/14 11:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/04/14 11:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/04/12 05:06:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/04/12 04:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Letters from Nowhere
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2011/04/07 11:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/07 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Software Publishing Ltd
[2011/04/06 13:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/04/06 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/02 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/02 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/04/02 13:47:50 | 000,000,000 | ---D | C] -- C:\Windows\Nick Chase 2 The Deadly Diamond
[2011/04/01 08:51:16 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/04/01 08:49:28 | 000,000,000 | ---D | C] -- C:\Windows\Empress Of The Deep
[2011/03/31 11:42:32 | 000,000,000 | ---D | C] -- C:\Windows\The Secret of Margrave Manor
[2010/09/29 20:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2010/08/20 08:02:15 | 000,020,480 | ---- | C] (Hewlett-Packard) -- C:\Users\Dominick J. Fontana\AppData\Roaming\t1.exe
[2009/02/03 08:21:10 | 000,239,104 | ---- | C] (Igor Pavlov) -- C:\Users\Dominick J. Fontana\AppData\Roaming\7za.exe
[7 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 11:20:00 | 000,000,512 | ---- | M] () -- C:\Users\Dominick J. Fontana\Desktop\MBR.dat
[2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
[2011/04/30 11:18:24 | 000,574,464 | ---- | M] (AVAST Software) -- C:\Users\Dominick J. Fontana\Desktop\aswMBR.exe
[2011/04/30 11:11:20 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/30 11:11:20 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/30 11:08:18 | 001,004,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 11:08:18 | 000,234,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/30 11:03:56 | 000,000,577 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/04/30 11:03:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 11:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 11:03:24 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 10:48:27 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 05:27:18 | 113,791,285 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/29 13:15:51 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 07:00:14 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:09:21 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/28 05:26:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:06:03 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/04/22 11:26:42 | 000,279,700 | ---- | M] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/04/18 14:51:41 | 000,005,120 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/13 23:00:31 | 000,413,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 04:00:53 | 000,001,744 | RHS- | M] () -- C:\Users\Dominick J. Fontana\ntuser.pol
[2011/04/06 03:34:58 | 000,001,416 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[7 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 11:20:00 | 000,000,512 | ---- | C] () -- C:\Users\Dominick J. Fontana\Desktop\MBR.dat
[2011/04/29 13:15:51 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:00:14 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:58:15 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 06:09:21 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:26:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:01:36 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/22 11:26:55 | 000,279,700 | ---- | C] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 14:48:21 | 000,005,120 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/19 10:21:29 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/02/23 06:40:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/23 06:39:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/22 12:05:19 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/22 12:05:19 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2011/01/22 12:05:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/22 11:37:52 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/01/21 12:34:44 | 000,000,145 | ---- | C] () -- C:\Windows\game.INI
[2010/11/12 08:11:22 | 000,071,484 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\ClassicFTP.dmp
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/20 07:00:31 | 004,098,560 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\btbar.msi
[2010/08/20 07:00:31 | 000,013,207 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MyTestToolbar.xpi
[2010/08/20 07:00:31 | 000,000,054 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\setup.dat
[2010/07/19 06:19:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2010/07/17 05:30:44 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/07/16 22:38:47 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/07/04 06:58:49 | 000,000,803 | ---- | C] () -- C:\Windows\CoDUO.INI
[2010/07/04 06:47:50 | 000,000,733 | ---- | C] () -- C:\Windows\CoD.INI
[2010/04/07 06:12:26 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/03/09 05:10:40 | 000,000,169 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\default.rss
[2010/03/09 05:10:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/06 07:28:14 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/02/18 07:36:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/02/18 03:11:25 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileOut.cns
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileIn.cns
[2010/02/13 08:18:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/02/13 08:18:25 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/02/07 05:13:14 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/21 05:15:17 | 000,070,656 | ---- | C] () -- C:\Windows\RSetupCE.exe
[2009/12/22 05:15:29 | 000,000,577 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/12/22 05:15:28 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/12/22 05:15:28 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2009/11/15 19:38:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/11/15 19:33:25 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Mpwinapppiobas69.dat
[2009/11/15 19:32:27 | 000,112,156 | ---- | C] () -- C:\Windows\System32\Msdts325.dat
[2009/11/15 18:50:31 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/11/02 05:41:36 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Mros416.dll
[2009/11/01 22:58:39 | 000,000,000 | ---- | C] () -- C:\Windows\wincmd.ini
[2009/11/01 19:20:54 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009/11/01 19:20:54 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009/11/01 19:20:54 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/11/01 19:20:54 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/11/01 19:20:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/11/01 09:04:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/01 07:50:58 | 000,022,068 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,413,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 001,004,622 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,234,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MafiaSetup.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/03/30 00:25:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\.minecraft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\2K Sports
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\6EA5E0D4CF863867DCEF28FC4C867231
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\acccore
[2011/02/13 07:48:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AnvSoft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Audio Converter
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Video Converter
[2011/03/27 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artogon
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG10
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG9
[2011/04/12 05:46:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/01/31 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Big Fish Games
[2011/04/30 10:52:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BitTorrent
[2011/02/26 14:19:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Blue Tea Games
[2011/04/18 08:29:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boomzap
[2011/04/17 05:40:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CoreFTP
[2011/03/16 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CursedOnboard
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Lite
[2011/01/20 06:15:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/03/30 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/02/06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DivoGames
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DonationCoder
[2011/03/27 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dragon Altar Games
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/02/18 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight
[2011/02/17 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight Shared
[2011/02/15 07:15:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\EleFun Games
[2011/03/20 07:06:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Elephant Games
[2011/04/12 06:34:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enki Games
[2011/03/16 10:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enlightenus2_BFG
[2011/03/29 00:31:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS G-Studio
[2011/04/24 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS Game Studios
[2011/03/08 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Flood Light Games
[2011/03/06 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Floodlight Games
[2011/02/24 14:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FlyWheelGames
[2011/03/17 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ForgottenRiddles
[2011/03/25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshDiagnose
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshHTML
[2011/02/13 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Friday's games
[2011/02/15 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Frogwares
[2011/03/29 05:47:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FrostWire
[2011/02/24 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fugazo
[2011/03/15 08:07:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\funkitron
[2011/02/26 10:30:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fuzzy Bug Interactive
[2011/02/20 08:51:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameMill Entertainment
[2011/04/19 12:28:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/02/02 06:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Games
[2011/04/17 05:40:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/02 13:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/02/19 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ghost Ship Studios
[2011/04/06 09:21:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HdO Adventure
[2011/04/02 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/30 05:36:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IObit
[2011/01/25 10:26:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\iShell
[2011/02/07 09:52:43 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Islands
[2011/01/08 12:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LimeWire
[2011/02/22 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LittleGamesCompany
[2011/02/25 13:12:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MA2
[2011/04/07 10:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/03/13 22:41:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\margrave3_full
[2011/04/22 12:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/02/24 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mystery of Mortlake Mansion
[2011/02/24 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Namco
[2011/04/17 08:56:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Orneon
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Out of the Park Developments
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PandoraRecovery
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/02/07 11:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Phantasmat_bf_ce1
[2011/04/29 13:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayFirst
[2011/03/02 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayPond
[2011/03/30 11:33:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ProtectDISC
[2011/03/16 08:43:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\QB9
[2011/03/02 09:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SerpentOfIsis
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Seven Zip
[2011/04/01 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/03/16 09:11:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Specialbit
[2011/03/15 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SpinTop Games
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Steinberg
[2011/04/19 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/06 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/08 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/07 11:32:55 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/23 08:58:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TuneUp Software
[2011/04/05 02:54:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vast Studios
[2011/03/23 13:27:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vogat Interactive
[2011/02/16 11:29:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\WhiteBirdsProductions
[2011/04/26 12:49:00 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/04/23 17:01:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/04/18 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010/08/17 04:53:22 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job
[2011/04/30 10:31:07 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector (1).exe
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe


< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========


< End of report >

Attached Files:
  • Fontana_Computer_Log.txt (1.63KB, 144 downloads)
  • OTL.Txt (131.21KB, 102 downloads)
  • Extras.Txt (31.29KB, 113 downloads)

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
You have a TDL3 rootkit - unfortunately ASWMbr is not geared up for that - but I know a programme that is :)

11:19:22.457 MBR BIOS signature not found 0
11:19:22.457 Disk 0 scanning sectors +976768065
11:19:22.473 Disk 0 scanning C:\Windows\system32\drivers
11:19:27.574 File C:\Windows\system32\drivers\sptd.sys TDL3 **ROOTKIT**
11:19:27.589 Disk 0 trace - called modules:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {4fd1fc28-2a96-493c-9556-5477d34ccece} - No CLSID value found.
    O3 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/04/17 14:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\nJk01803bApPi01803

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

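An added triage helper, not part of this thread and not OTL's own code: it parses OTL "DRV -" lines of the kind posted in this thread and flags kernel drivers that carry no publisher string and either load at Boot/System start or sit outside %SystemRoot%\System32, which is the pattern the sptd.sys hit above fits. The sample lines are copied from the OTL log in this thread; the flagging rules are my own heuristic and a hit is a lead for a closer look (as with the aswMBR output above), not proof of infection.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Shape of an OTL "DRV -" line (a free-text description may follow the service name):
# DRV - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) [Type | Start | State] -- path -- (ServiceName)
DRV_LINE = re.compile(
    r"^DRV - \[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+?) \| (?P<flag>\w)\] \((?P<company>[^)]*)\) "
    r"\[(?P<type>[^|]+?) \| (?P<start>[^|]+?) \| (?P<state>[^\]]+?)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)"
)

# Start types that load before most security software can inspect them.
EARLY_START = {"Boot", "System"}


@dataclass
class DriverEntry:
    name: str      # service name, e.g. "sptd"
    path: str      # on-disk image path
    company: str   # publisher string OTL read from the file; "" when none was found
    start: str     # Boot, System, Auto, On_Demand, ...
    state: str     # Running / Stopped
    size: int      # file size in bytes
    mtime: str     # modification timestamp as printed by OTL


@dataclass
class Finding:
    entry: DriverEntry
    reasons: List[str]


def parse_drv_line(line: str) -> Optional[DriverEntry]:
    """Parse one OTL driver line; return None for any other kind of log line."""
    m = DRV_LINE.match(line.strip())
    if m is None:
        return None
    return DriverEntry(
        name=m["name"],
        path=m["path"],
        company=m["company"].strip(),
        start=m["start"],
        state=m["state"],
        size=int(m["size"].replace(",", "")),
        mtime=m["mtime"],
    )


def triage_driver(entry: DriverEntry, system_root: str = r"C:\Windows") -> List[str]:
    """Heuristic triage (my own rules, not OTL's): a driver with no publisher that
    loads early or lives outside System32 deserves a closer look. An empty list
    means nothing stood out; a non-empty list is a lead, not proof of infection."""
    reasons: List[str] = []
    no_publisher = entry.company == ""
    in_system32 = entry.path.lower().startswith((system_root + "\\system32\\").lower())
    if no_publisher and entry.start in EARLY_START:
        reasons.append(f"no publisher and {entry.start}-start (loads before AV filters)")
    if no_publisher and not in_system32:
        reasons.append("no publisher and image outside %SystemRoot%\\System32")
    return reasons


def triage_log(lines: Iterable[str]) -> List[Finding]:
    """Run triage_driver over every DRV line in an OTL log, keeping only the hits."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_drv_line(line)
        if entry is None:
            continue
        reasons = triage_driver(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


# Sample input: five DRV lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
DRV - [2011/01/20 06:08:43 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/02/13 08:23:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2004/10/26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programs\Fresh Devices\Fresh Diagnose\FreshIO.sys -- (FreshIO)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry.name:10} {f.entry.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Point it at a full OTL log with `triage_log(open("OTL.Txt", encoding="utf-8", errors="replace"))`; a boot-start driver with no publisher is still only a reason to pull the file for a signature check or a second-opinion scan.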

#5
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Wow, thank you for the prompt and detailed response. I will look this over later and then report back to you.

Thank you so much.

#6
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Hi, Essexboy.

You're from England, right?

I did everything you asked and it went off without a hitch. I have attached the 2 log files here.

Thanks for everything.

Dominick

Attached Files:
  • Fontana_Computer_Report.txt (107.99KB, 120 downloads)
  • TDSSKiller.2.4.21.0_30.04.2011_23.25.58_log.txt (68.78KB, 129 downloads)

OTL logfile created on: 4/30/2011 11:20:08 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 8.19 Gb Free Space | 18.12% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 37.99 Gb Free Space | 15.58% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 60.47 Gb Free Space | 34.22% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgchsvx.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgwdsvc.exe
PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2001/11/09 02:47:50 | 000,356,352 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2001/11/09 08:13:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IS360service)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/01/08 13:07:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programs\AVG9\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/28 06:22:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/20 06:08:43 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010/02/13 08:23:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/13 08:23:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/25 21:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 21:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/09/26 16:58:54 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2007/08/12 22:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/02/20 18:36:24 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CGY012.sys -- (CGY012)
DRV - [2004/10/26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programs\Fresh Devices\Fresh Diagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60280
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60280

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc12.mail.....jsrand=4525738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7B 18 41 E6 5A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1108.mai...rand=587317658"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.126
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/08 11:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Programs\AVG9\Firefox\ [2011/01/01 22:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Programs\AVG9\Firefox4\ [2011/04/05 02:56:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/04/26 12:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/04/26 12:46:45 | 000,000,000 | ---D | M]

[2011/01/08 12:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions
[2010/01/10 03:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 06:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/28 04:28:25 | 000,001,620 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\searchplugins\mozilla-add-ons.xml

O1 HOSTS File: ([2011/04/30 23:15:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programs\Fresh Devices\FreshDownload\fdcatch.dll (FreshDevices Corp.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programs\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programs\Fresh Devices\FreshDownload\fdiebar.dll (FreshDevices Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] D:\Programs\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] D:\Programs\Daemon Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FreshDownload - {55058DA0-D957-449D-8E5C-BFBA08E46B3F} - D:\Programs\Fresh Devices\FreshDownload\fd.exe (FreshDevices.com.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268383829468 (MUCatalogWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programs\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 09:38:31 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 08:05:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 09:54:29 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (D:\Programs\AVG9\avgchsvx.exe /sync) - D:\Programs\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (D:\Programs\AVG9\avgrsx.exe /sync /restart) - D:\Programs\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 23:15:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 11:45:39 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
[2011/04/30 05:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\Windows\Dream Chronicles 2 - The Eternal Maze
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2011/04/28 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
[2011/04/28 07:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 07:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/28 07:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/28 07:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/26 12:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Top Evidence
[2011/04/23 08:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\mAp01804bMjCc01804_Virus
[2011/04/22 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/04/19 12:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2011/04/17 14:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\nJk01803bApPi01803
[2011/04/17 05:40:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/04/17 05:40:18 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/16 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SunRay Games
[2011/04/14 11:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/04/14 11:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/04/12 05:06:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/04/12 04:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Letters from Nowhere
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2011/04/07 11:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/07 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Software Publishing Ltd
[2011/04/06 13:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/04/06 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/02 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/02 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/04/02 13:47:50 | 000,000,000 | ---D | C] -- C:\Windows\Nick Chase 2 The Deadly Diamond
[2011/04/01 08:51:16 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/04/01 08:49:28 | 000,000,000 | ---D | C] -- C:\Windows\Empress Of The Deep
[2010/09/29 20:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2010/08/20 08:02:15 | 000,020,480 | ---- | C] (Hewlett-Packard) -- C:\Users\Dominick J. Fontana\AppData\Roaming\t1.exe
[2009/02/03 08:21:10 | 000,239,104 | ---- | C] (Igor Pavlov) -- C:\Users\Dominick J. Fontana\AppData\Roaming\7za.exe
[7 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 23:18:18 | 000,000,577 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/04/30 23:18:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 23:17:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 23:17:37 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 23:15:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/30 23:10:13 | 001,103,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 23:10:13 | 000,267,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/30 22:59:58 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/30 22:59:58 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/30 22:46:10 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 05:27:18 | 113,791,285 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/29 13:15:51 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 07:00:14 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:09:21 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/28 05:26:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:06:03 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/04/22 11:26:42 | 000,279,700 | ---- | M] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/04/18 14:51:41 | 000,005,120 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/13 23:00:31 | 000,413,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 04:00:53 | 000,001,744 | RHS- | M] () -- C:\Users\Dominick J. Fontana\ntuser.pol
[2011/04/06 03:34:58 | 000,001,416 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[7 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 13:15:51 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:00:14 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:58:15 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 06:09:21 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:26:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:01:36 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/22 11:26:55 | 000,279,700 | ---- | C] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 14:48:21 | 000,005,120 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/19 10:21:29 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/02/23 06:40:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/23 06:39:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/22 12:05:19 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/22 12:05:19 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2011/01/22 12:05:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/22 11:37:52 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/01/21 12:34:44 | 000,000,145 | ---- | C] () -- C:\Windows\game.INI
[2010/11/12 08:11:22 | 000,071,484 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\ClassicFTP.dmp
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/20 07:00:31 | 004,098,560 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\btbar.msi
[2010/08/20 07:00:31 | 000,013,207 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MyTestToolbar.xpi
[2010/08/20 07:00:31 | 000,000,054 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\setup.dat
[2010/07/19 06:19:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2010/07/17 05:30:44 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/07/16 22:38:47 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/07/04 06:58:49 | 000,000,803 | ---- | C] () -- C:\Windows\CoDUO.INI
[2010/07/04 06:47:50 | 000,000,733 | ---- | C] () -- C:\Windows\CoD.INI
[2010/04/07 06:12:26 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/03/09 05:10:40 | 000,000,169 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\default.rss
[2010/03/09 05:10:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/06 07:28:14 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/02/18 07:36:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/02/18 03:11:25 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileOut.cns
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileIn.cns
[2010/02/13 08:18:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/02/13 08:18:25 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/02/07 05:13:14 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/21 05:15:17 | 000,070,656 | ---- | C] () -- C:\Windows\RSetupCE.exe
[2009/12/22 05:15:29 | 000,000,577 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/12/22 05:15:28 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/12/22 05:15:28 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2009/11/15 19:38:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/11/15 19:33:25 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Mpwinapppiobas69.dat
[2009/11/15 19:32:27 | 000,112,156 | ---- | C] () -- C:\Windows\System32\Msdts325.dat
[2009/11/15 18:50:31 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/11/02 05:41:36 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Mros416.dll
[2009/11/01 22:58:39 | 000,000,000 | ---- | C] () -- C:\Windows\wincmd.ini
[2009/11/01 19:20:54 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009/11/01 19:20:54 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009/11/01 19:20:54 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/11/01 19:20:54 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/11/01 19:20:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/11/01 09:04:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/01 07:50:58 | 000,022,068 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,413,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 001,103,678 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,267,804 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MafiaSetup.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/03/30 00:25:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\.minecraft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\2K Sports
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\6EA5E0D4CF863867DCEF28FC4C867231
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\acccore
[2011/02/13 07:48:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AnvSoft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Audio Converter
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Video Converter
[2011/03/27 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artogon
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG10
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG9
[2011/04/12 05:46:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/01/31 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Big Fish Games
[2011/04/30 10:52:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BitTorrent
[2011/02/26 14:19:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Blue Tea Games
[2011/04/18 08:29:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boomzap
[2011/04/17 05:40:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CoreFTP
[2011/03/16 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CursedOnboard
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Lite
[2011/01/20 06:15:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/03/30 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/02/06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DivoGames
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DonationCoder
[2011/03/27 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dragon Altar Games
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/02/18 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight
[2011/02/17 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight Shared
[2011/02/15 07:15:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\EleFun Games
[2011/03/20 07:06:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Elephant Games
[2011/04/12 06:34:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enki Games
[2011/03/16 10:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enlightenus2_BFG
[2011/03/29 00:31:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS G-Studio
[2011/04/24 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS Game Studios
[2011/03/08 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Flood Light Games
[2011/03/06 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Floodlight Games
[2011/02/24 14:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FlyWheelGames
[2011/03/17 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ForgottenRiddles
[2011/03/25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshDiagnose
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshHTML
[2011/02/13 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Friday's games
[2011/02/15 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Frogwares
[2011/03/29 05:47:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FrostWire
[2011/02/24 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fugazo
[2011/03/15 08:07:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\funkitron
[2011/02/26 10:30:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fuzzy Bug Interactive
[2011/02/20 08:51:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameMill Entertainment
[2011/04/19 12:28:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/02/02 06:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Games
[2011/04/17 05:40:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/02 13:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/02/19 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ghost Ship Studios
[2011/04/06 09:21:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HdO Adventure
[2011/04/02 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/30 05:36:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IObit
[2011/01/25 10:26:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\iShell
[2011/02/07 09:52:43 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Islands
[2011/01/08 12:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LimeWire
[2011/02/22 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LittleGamesCompany
[2011/02/25 13:12:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MA2
[2011/04/07 10:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/03/13 22:41:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\margrave3_full
[2011/04/22 12:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/02/24 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mystery of Mortlake Mansion
[2011/02/24 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Namco
[2011/04/17 08:56:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Orneon
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Out of the Park Developments
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PandoraRecovery
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/02/07 11:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Phantasmat_bf_ce1
[2011/04/29 13:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayFirst
[2011/03/02 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayPond
[2011/03/30 11:33:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ProtectDISC
[2011/03/16 08:43:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\QB9
[2011/03/02 09:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SerpentOfIsis
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Seven Zip
[2011/04/01 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/03/16 09:11:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Specialbit
[2011/03/15 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SpinTop Games
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Steinberg
[2011/04/19 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/06 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/08 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/07 11:32:55 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/23 08:58:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TuneUp Software
[2011/04/05 02:54:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vast Studios
[2011/03/23 13:27:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vogat Interactive
[2011/02/16 11:29:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\WhiteBirdsProductions
[2011/04/26 12:49:00 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/18 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010/08/17 04:53:22 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job
[2011/04/30 23:03:49 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:8F0F82EC
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:021496FB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7C8AA9A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3595B780
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B9B3B2FE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CC30FDA5

< End of report >

Edited by Essexboy, 01 May 2011 - 07:49 AM.


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this is a slightly unusual one as TDSSKiller has that file on the white list so it will not replace it.... What I will do now is search for a replacement file and then try to use OTL to do the switch. First I will remove a folder and create a restore point. If that fails I will have to ask you to remove AVG as the other programme I will use will not function with AVG installed, but we will cross that bridge when we come to it. And yep I am from sunny Cornwall in England :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    ipconfig /flushdns /c
    C:\ProgramData\nJk01803bApPi01803

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

NOW TO SEARCH

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    sptd.*
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the resultant log please

  • 0

#8
Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Hi.

I used to run the Web site for the NY Yankees baseball team. They had a side forum for soccer. There were tons of fanatics for Manchester United. Are you familiar with that? Plus, you just had the Royal Wedding.

Back to business. Things are worse now. I had to reboot 3 times because it kept stalling during the reboot. Then once it did reboot, the computer crashed twice. Once, right before I was about to post this message. There are now 2 ghosted icons on my desktop that say desktop.ini, plus I am having trouble connecting to the Internet. haha.

Okay, here is the OTL log.

Thanks.

Attached File: OTL.Txt (122.95KB)

OTL logfile created on: 5/1/2011 10:49:08 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 8.12 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 36.43 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 60.47 Gb Free Space | 34.22% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgchsvx.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programs\AVG9\avgcsrvx.exe
PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2001/11/09 02:47:50 | 000,356,352 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2001/11/09 08:13:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IS360service)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/01/08 13:07:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programs\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programs\AVG9\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/28 06:22:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/20 06:08:43 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010/02/13 08:23:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/13 08:23:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/25 21:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 21:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/09/26 16:58:54 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2007/08/12 22:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/02/20 18:36:24 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CGY012.sys -- (CGY012)
DRV - [2004/10/26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programs\Fresh Devices\Fresh Diagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60280
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60280


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc12.mail.....jsrand=4525738
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7B 18 41 E6 5A CA 01 [binary data]
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1108.mai...rand=587317658"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.126
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/08 11:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Programs\AVG9\Firefox\ [2011/01/01 22:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Programs\AVG9\Firefox4\ [2011/04/05 02:56:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/04/26 12:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/04/26 12:46:45 | 000,000,000 | ---D | M]

[2011/01/08 12:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions
[2010/01/10 03:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 06:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/28 04:28:25 | 000,001,620 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\searchplugins\mozilla-add-ons.xml

O1 HOSTS File: ([2011/05/01 10:29:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programs\Fresh Devices\FreshDownload\fdcatch.dll (FreshDevices Corp.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programs\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programs\Fresh Devices\FreshDownload\fdiebar.dll (FreshDevices Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] D:\Programs\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000..\Run: [DAEMON Tools Pro Agent] D:\Programs\Daemon Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FreshDownload - {55058DA0-D957-449D-8E5C-BFBA08E46B3F} - D:\Programs\Fresh Devices\FreshDownload\fd.exe (FreshDevices.com.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268383829468 (MUCatalogWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programs\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 09:38:31 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 08:05:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 09:54:29 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (D:\Programs\AVG9\avgchsvx.exe /sync) - D:\Programs\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (D:\Programs\AVG9\avgrsx.exe /sync /restart) - D:\Programs\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 23:15:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 11:45:39 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
[2011/04/30 05:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\Windows\Dream Chronicles 2 - The Eternal Maze
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2011/04/28 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
[2011/04/28 07:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 07:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/28 07:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/28 07:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/26 12:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Top Evidence
[2011/04/23 08:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\mAp01804bMjCc01804_Virus
[2011/04/22 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/04/19 12:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2011/04/17 05:40:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/04/17 05:40:18 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/16 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SunRay Games
[2011/04/14 11:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/04/14 11:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/04/12 05:06:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/04/12 04:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Letters from Nowhere
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2011/04/07 11:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/07 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Software Publishing Ltd
[2011/04/06 13:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/04/06 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/02 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/02 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/04/02 13:47:50 | 000,000,000 | ---D | C] -- C:\Windows\Nick Chase 2 The Deadly Diamond
[2010/09/29 20:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2010/08/20 08:02:15 | 000,020,480 | ---- | C] (Hewlett-Packard) -- C:\Users\Dominick J. Fontana\AppData\Roaming\t1.exe
[2009/02/03 08:21:10 | 000,239,104 | ---- | C] (Igor Pavlov) -- C:\Users\Dominick J. Fontana\AppData\Roaming\7za.exe
[9 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 10:49:42 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 10:49:42 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 10:47:05 | 001,190,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 10:47:05 | 000,297,106 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 10:46:38 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/01 10:42:19 | 000,000,577 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/05/01 10:42:18 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/01 10:42:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 10:41:59 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 10:40:24 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BE154226-6A66-426C-B5EB-DA00C357B697}
[2011/05/01 10:37:29 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{14BE0015-3DE5-46FA-8CF8-B5B9AD41E19D}
[2011/05/01 10:33:48 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{F4C64607-DFA3-4164-8F7C-DFB8D1CB7009}
[2011/05/01 10:29:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/01 07:38:50 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5B2706D3-6C8B-40A1-A725-41DCE4EC8BB4}
[2011/04/30 05:27:18 | 113,791,285 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/29 13:15:51 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 07:00:14 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:09:21 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/28 05:26:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:06:03 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/04/22 11:26:42 | 000,279,700 | ---- | M] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/04/18 14:51:41 | 000,005,120 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/13 23:00:31 | 000,413,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 04:00:53 | 000,001,744 | RHS- | M] () -- C:\Users\Dominick J. Fontana\ntuser.pol
[2011/04/06 03:34:58 | 000,001,416 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[9 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 10:40:24 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BE154226-6A66-426C-B5EB-DA00C357B697}
[2011/05/01 10:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{14BE0015-3DE5-46FA-8CF8-B5B9AD41E19D}
[2011/05/01 10:33:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{F4C64607-DFA3-4164-8F7C-DFB8D1CB7009}
[2011/05/01 07:38:50 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5B2706D3-6C8B-40A1-A725-41DCE4EC8BB4}
[2011/04/29 13:15:51 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:00:14 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:58:15 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 06:09:21 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:26:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:01:36 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/22 11:26:55 | 000,279,700 | ---- | C] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 14:48:21 | 000,005,120 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/19 10:21:29 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/02/23 06:40:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/23 06:39:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/22 12:05:19 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/22 12:05:19 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2011/01/22 12:05:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/22 11:37:52 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/01/21 12:34:44 | 000,000,145 | ---- | C] () -- C:\Windows\game.INI
[2010/11/12 08:11:22 | 000,071,484 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\ClassicFTP.dmp
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/20 07:00:31 | 004,098,560 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\btbar.msi
[2010/08/20 07:00:31 | 000,013,207 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MyTestToolbar.xpi
[2010/08/20 07:00:31 | 000,000,054 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\setup.dat
[2010/07/19 06:19:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2010/07/17 05:30:44 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/07/16 22:38:47 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/07/04 06:58:49 | 000,000,803 | ---- | C] () -- C:\Windows\CoDUO.INI
[2010/07/04 06:47:50 | 000,000,733 | ---- | C] () -- C:\Windows\CoD.INI
[2010/04/07 06:12:26 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/03/09 05:10:40 | 000,000,169 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\default.rss
[2010/03/09 05:10:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/06 07:28:14 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/02/18 07:36:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/02/18 03:11:25 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileOut.cns
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileIn.cns
[2010/02/13 08:18:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/02/13 08:18:25 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/02/07 05:13:14 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/21 05:15:17 | 000,070,656 | ---- | C] () -- C:\Windows\RSetupCE.exe
[2009/12/22 05:15:29 | 000,000,577 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/12/22 05:15:28 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/12/22 05:15:28 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2009/11/15 19:38:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/11/15 19:33:25 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Mpwinapppiobas69.dat
[2009/11/15 19:32:27 | 000,112,156 | ---- | C] () -- C:\Windows\System32\Msdts325.dat
[2009/11/15 18:50:31 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/11/02 05:41:36 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Mros416.dll
[2009/11/01 22:58:39 | 000,000,000 | ---- | C] () -- C:\Windows\wincmd.ini
[2009/11/01 19:20:54 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009/11/01 19:20:54 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009/11/01 19:20:54 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/11/01 19:20:54 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/11/01 19:20:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/11/01 09:04:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/01 07:50:58 | 000,022,068 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,413,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 001,190,352 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,297,106 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MafiaSetup.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/03/30 00:25:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\.minecraft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\2K Sports
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\6EA5E0D4CF863867DCEF28FC4C867231
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\acccore
[2011/02/13 07:48:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AnvSoft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Audio Converter
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Video Converter
[2011/03/27 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artogon
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG10
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG9
[2011/04/12 05:46:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/01/31 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Big Fish Games
[2011/04/30 10:52:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BitTorrent
[2011/02/26 14:19:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Blue Tea Games
[2011/04/18 08:29:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boomzap
[2011/04/17 05:40:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CoreFTP
[2011/03/16 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CursedOnboard
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Lite
[2011/01/20 06:15:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/03/30 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/02/06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DivoGames
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DonationCoder
[2011/03/27 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dragon Altar Games
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/02/18 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight
[2011/02/17 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight Shared
[2011/02/15 07:15:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\EleFun Games
[2011/03/20 07:06:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Elephant Games
[2011/04/12 06:34:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enki Games
[2011/03/16 10:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enlightenus2_BFG
[2011/03/29 00:31:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS G-Studio
[2011/04/24 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS Game Studios
[2011/03/08 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Flood Light Games
[2011/03/06 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Floodlight Games
[2011/02/24 14:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FlyWheelGames
[2011/03/17 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ForgottenRiddles
[2011/03/25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshDiagnose
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshHTML
[2011/02/13 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Friday's games
[2011/02/15 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Frogwares
[2011/03/29 05:47:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FrostWire
[2011/02/24 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fugazo
[2011/03/15 08:07:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\funkitron
[2011/02/26 10:30:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fuzzy Bug Interactive
[2011/02/20 08:51:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameMill Entertainment
[2011/04/19 12:28:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/02/02 06:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Games
[2011/04/17 05:40:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/02 13:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/02/19 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ghost Ship Studios
[2011/04/06 09:21:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HdO Adventure
[2011/04/02 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/30 05:36:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IObit
[2011/01/25 10:26:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\iShell
[2011/02/07 09:52:43 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Islands
[2011/01/08 12:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LimeWire
[2011/02/22 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LittleGamesCompany
[2011/02/25 13:12:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MA2
[2011/04/07 10:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/03/13 22:41:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\margrave3_full
[2011/04/22 12:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/02/24 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mystery of Mortlake Mansion
[2011/02/24 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Namco
[2011/04/17 08:56:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Orneon
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Out of the Park Developments
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PandoraRecovery
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/02/07 11:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Phantasmat_bf_ce1
[2011/04/29 13:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayFirst
[2011/03/02 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayPond
[2011/03/30 11:33:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ProtectDISC
[2011/03/16 08:43:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\QB9
[2011/03/02 09:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SerpentOfIsis
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Seven Zip
[2011/04/01 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/03/16 09:11:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Specialbit
[2011/03/15 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SpinTop Games
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Steinberg
[2011/04/19 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/06 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/08 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/07 11:32:55 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/23 08:58:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TuneUp Software
[2011/04/05 02:54:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vast Studios
[2011/03/23 13:27:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vogat Interactive
[2011/02/16 11:29:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\WhiteBirdsProductions
[2011/04/26 12:49:00 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/18 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010/08/17 04:53:22 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job
[2011/05/01 09:39:53 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector (1).exe
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe


< MD5 for: SPTD.SYS >
[2011/01/20 06:08:43 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:8F0F82EC
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:021496FB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7C8AA9A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3595B780
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B9B3B2FE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CC30FDA5

< End of report >

Edited by Dom Fontana, 01 May 2011 - 09:06 AM.

  • 0
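The listing above is raw OTL output, and a helper reads it by eye for the handful of entries that matter. As an added example (not code from this thread, from OTL or from its author), here is a small Python parser for that line format with a few defender-side triage heuristics: executables sitting in a user-writable profile directory, an .exe whose publisher string looks machine-generated, a hosts file modified close to the report date, hidden+system attributes on an unexpected file, and any alternate data stream. The heuristics, the thresholds, the allow-list of expected hidden+system files and the sample lines (a constructed listing using a generic `C:\Users\Example` profile) are this example's assumptions, not the thread's verdict on any file.

```python
r"""Triage helper for OTL-style file listings.

Added example: this is not code from the thread, from OTL or from the helper;
the heuristics, thresholds and sample lines below are its own assumptions.
It parses the two record shapes that appear in an OTL report:

    [YYYY/MM/DD HH:MM:SS | 000,020,480 | -HS- | C] (Company) -- C:\path\file.exe
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:5EF1AD34

and returns the entries a reviewer would want to look at first.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumptions behind the heuristics: extensions that execute, profile locations a
# non-admin user (or malware running as that user) can write to, and the
# hidden+system files that are normal on a Windows volume.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\")
KNOWN_HIDDEN_SYSTEM = {"hiberfil.sys", "pagefile.sys", "swapfile.sys"}


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str               # four columns: R(eadonly) H(idden) S(ystem) D(irectory)
    kind: str                # C = created, M = modified
    company: Optional[str]   # publisher string from the file's version info, if any
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def hidden_system(self) -> bool:
        return self.attrs[1] == "H" and self.attrs[2] == "S"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file record; section headers and unrelated lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    return Entry(when, int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 m["company"] or None, m["path"])


def looks_generated(company: str) -> bool:
    """A publisher string that is one long alphanumeric token containing digits."""
    return bool(re.fullmatch(r"[A-Za-z0-9]{12,}", company)) and any(c.isdigit() for c in company)


def triage(lines: List[str], report_date: date, recent_days: int = 7) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for the entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            findings.append((ads["path"], f"alternate data stream of {ads['size']} bytes"))
            continue
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name.endswith(EXEC_EXT) and any(d in low for d in USER_WRITABLE):
            findings.append((e.path, "executable in a user-writable profile directory"))
        if name.endswith(".exe") and e.company and looks_generated(e.company):
            findings.append((e.path, f"publisher string looks machine-generated: {e.company}"))
        if name == "hosts" and (report_date - e.when.date()).days <= recent_days:
            findings.append((e.path, "hosts file changed recently; review it for redirect entries"))
        if e.hidden_system and name not in KNOWN_HIDDEN_SYSTEM:
            findings.append((e.path, f"hidden+system attributes ({e.attrs}) on an unexpected file"))
    return findings


# Constructed sample in the OTL format (generic user profile, not the thread's own log).
SAMPLE_LINES = [
    "========== Files Created - No Company Name ==========",
    r"[2010/09/29 20:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe",
    r"[2010/08/20 08:02:15 | 000,020,480 | ---- | C] (Hewlett-Packard) -- C:\Users\Example\AppData\Roaming\t1.exe",
    r"[2011/04/12 05:06:56 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\Awem",
    r"[2011/05/01 10:29:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts",
    r"[2011/05/01 10:42:19 | 000,000,577 | -HS- | M] () -- C:\Windows\System32\mmf.sys",
    r"[2011/05/01 10:41:59 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2011/05/01 10:47:05 | 001,190,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat",
    r"@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:5EF1AD34",
]


def triage_sample() -> List[Tuple[str, str]]:
    """Run the heuristics over the constructed sample, dated as a 2011/05/01 report."""
    return triage(SAMPLE_LINES, date(2011, 5, 1))


if __name__ == "__main__":
    for path, reason in triage_sample():
        print(f"{reason}\n    {path}")
```

Anything it flags is a lead for a reviewer, not a verdict: the publisher-string test can only point at what the file's version information claims, a legitimate product can ship a hidden+system file, and a hosts change may be an installer's doing. The value of parsing rather than eyeballing is that the same rules run over every line, so an unsigned executable in a profile directory or an alternate data stream in a listing several thousand lines long is not missed.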

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Typical, no spare - I will attach a copy of the file zipped. Download this to your desktop and extract the installer. Run the installer and let it replace the current file version.

Things are worse now. I had to reboot 3 times because it kept stalling during the reboot. Then once it did reboot, the computer crashed twice. Once, right before I was about to post this message. There are now 2 ghosted icons on my desktop that say desktop.ini, plus I am having trouble connecting to the Internet. haha.

The ghost files are system ones revealed by OTL - we will hide them later. The crashes are because the rootkit is becoming more unstable.

Then download the AVG removal tool to your desktop
Download a fresh copy of AVG to your desktop
Download Combofix to your desktop
Link 1
Link 2

Disconnect from the internet
From Control Panel > Programs and Features uninstall AVG
Reboot
Run the AVG removal tool
Reboot

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
I got stymied on the first part. I downloaded it, extracted it, but when I tried to run the SPTD exe file, I just got a busy pointer and nothing happened. I tried it a few times. I will do the other things now.

Update: Okay, I downloaded all the other things and right in the middle of that I got a requester that said my version of SPTD was outdated and a new version was available. I clicked yes to download it and it took a long time to install it, but it was successful. Now it says to reboot. So, I will follow your procedure to the letter and then post the log file you requested.

Thanks so much for your help. I really do appreciate it. It is very nice of you.

Dominick

Edited by Dom Fontana, 01 May 2011 - 09:59 AM.

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - I have the easy part :)
  • 0

#12
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Nightmare!

I did everything you said and uninstalled AVG, etc. The problem is that I can't run ComboFix. Every time I try to run it, the computer crashes. Then on one reboot it automatically used CHKDSK to check my drive for consistency. Then I booted in safe mode and when I tried to run ComboFix, it still crashed, so I figured I wouldn't try anymore.

So what do we do now?

You don't have the easy part. You are contributing your time and knowledge. Thanks.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will proceed in gentle baby steps and see if we can get it that way

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#14
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Okay, I am about to run the GMER scan. However, I just downloaded the latest version of Malwarebytes Anti-Malware the other day and I have the latest version. Do you want me to download that again or use the installed version I have?

I'll respond right after the GMER scan.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, no need just update MBAM before you run
  • 0