Windows 7 running at 100% CPU usage


This topic is locked.

#1
gary1210
Member
28 posts
My laptop is running at 100% CPU usage with only 5 processes running, but when I open the TuneUp task manager and check, the CPU % of all the apps running only adds up to 73%.

I have uninstalled Norton update (ccSvcHst.exe) and it didn't help.

There is a file called conime.exe that keeps adding itself to the startup at boot. But when I try to look for the file it doesn't exist.

I think it might be malware or a root/boot kit. I have run a quick scan on Malwarebytes, updated on the 18th May 2011, and it found nothing.

Avast found nothing except for a few tools from binpack (metasploit, sqlninja and a few similar apps).

Any help will be appreciated.

Thanks in advance.

OTL.Txt

OTL logfile created on: 20/05/2011 09:17:16 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\VMw4r3\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 27.76 Gb Free Space | 37.29% Space Free | Partition Type: NTFS
Drive E: | 7.15 Gb Total Space | 1.04 Gb Free Space | 14.56% Space Free | Partition Type: FAT32

Computer Name: VMW4R3-PC | User Name: VMw4r3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 08:51:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
PRC - [2011/05/19 21:29:06 | 000,062,464 | ---- | M] () -- C:\Program Files\BWMeter\BWMeterConSvc.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/15 02:23:22 | 000,127,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/04/15 02:20:42 | 000,289,096 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/04/15 00:18:12 | 000,328,952 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011/04/15 00:18:10 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/14 14:42:42 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010/12/14 14:41:10 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/11/20 13:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/10/18 12:41:52 | 002,362,880 | ---- | M] (DSGi) -- C:\Windows\System32\spool\drivers\w32x86\3\ADAiO2MUI.exe
PRC - [2010/09/30 10:53:18 | 000,361,904 | ---- | M] (DSGi) -- C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
PRC - [2010/07/01 20:52:46 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/02/20 13:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/20 12:58:04 | 000,387,808 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2005/02/16 16:48:18 | 000,225,280 | ---- | M] (Pro²soft) -- C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 08:51:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
MOD - [2011/04/18 18:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/19 21:29:06 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files\BWMeter\BWMeterConSvc.exe -- (BWMeterConSvc)
SRV - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/15 02:23:30 | 000,063,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/04/15 02:20:42 | 000,289,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011/04/15 00:18:12 | 000,328,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/04/15 00:18:10 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/12/14 14:41:10 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/12/14 14:39:10 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/30 10:53:18 | 000,361,904 | ---- | M] (DSGi) [Auto | Running] -- C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe -- (Advent AIO Network Discovery Service)
SRV - [2010/09/11 19:34:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/01 20:52:46 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/07/01 20:52:45 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/02 18:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007/02/20 12:58:04 | 000,387,808 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/19 21:29:06 | 000,028,552 | ---- | M] (DeskSoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsnpfd.sys -- (dsnpfdMP)
DRV - [2011/05/19 21:29:06 | 000,028,552 | ---- | M] (DeskSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsnpfd.sys -- (dsnpfd)
DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/15 00:18:10 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/11/29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/27 17:46:12 | 000,356,352 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/08/03 16:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2010/06/23 03:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/11 08:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/11/20 16:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/17 20:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/10/28 23:08:58 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2008/10/02 18:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/08/31 03:47:00 | 000,025,856 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801co.sys -- (tap0801co) TAP-Win32 Adapter V8 (coLinux)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=...18&l=dis&gct=hp
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 5F 12 8A 64 DD CA 01 [binary data]
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 00:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 00:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\components [2011/05/19 00:26:30 | 000,000,000 | ---D | M]

[2010/08/21 06:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Extensions
[2010/08/21 00:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2010/08/21 06:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/19 23:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions
[2010/07/23 23:39:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/08/28 10:24:55 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2011/05/01 16:15:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/05/19 20:51:27 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2011/04/15 17:36:37 | 000,000,000 | ---D | M] (MiniEvony Community Toolbar) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}
[2011/02/28 18:32:11 | 000,000,000 | ---D | M] ("Stop Autoplay") -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2010/04/28 14:52:37 | 000,000,000 | ---D | M] (Advanced Dork:) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{31E65147-5A53-4e52-8A64-FF7EBFA36D76}
[2010/10/19 10:24:44 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/05/06 15:52:13 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/05/19 18:46:16 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/04/14 21:32:54 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010/04/17 23:54:31 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/04/14 21:32:55 | 000,000,000 | ---D | M] (Direct Link) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{a4ffd900-48b6-11db-b0de-0800200c9a66}
[2011/05/01 13:39:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/28 18:32:20 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/14 21:39:00 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/05/19 09:14:54 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/02/28 18:32:18 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/01 16:14:49 | 000,000,000 | ---D | M] (PhZilla) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/05/19 18:50:48 | 000,000,000 | ---D | M] (Capture Fox) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2010/04/14 21:32:55 | 000,000,000 | ---D | M] (Copy and Go) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/04/15 17:36:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/05/12 16:18:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/02/28 18:32:12 | 000,000,000 | ---D | M] (Server Spy) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2010/08/19 22:34:23 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/03/17 23:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/20 11:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/16 21:57:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/28 18:26:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/20 05:15:32 | 000,434,608 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14955 more lines...
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ADAiO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\ADAiO2MUI.exe (DSGi)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\Run: [Bandwidth Monitor Pro] C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (Pro²soft)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKLM..\RunOnce: [SpybotDeletingA1818] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA2205] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA3540] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4092] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4783] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4822] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4905] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA5795] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA6148] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingC1025] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC1519] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC1778] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC2982] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC3] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5313] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5572] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC6566] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9697] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB1335] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB1792] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB375] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB4665] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB4770] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB5612] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB596] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB8155] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingB8768] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD1687] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD17] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD2646] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD2791] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD2875] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD4284] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD5985] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD9357] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\RunOnce: [SpybotDeletingD949] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\VMw4r3\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\VMw4r3\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/DDD%20Pool/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/DDD%20Pool/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{235f6934-4bbf-11df-a823-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{235f6934-4bbf-11df-a823-005056c00008}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{235f6939-4bbf-11df-a823-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{235f6939-4bbf-11df-a823-005056c00008}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6575a2fd-5e0e-11df-b224-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6575a2fd-5e0e-11df-b224-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6575a30d-5e0e-11df-b224-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6575a30d-5e0e-11df-b224-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{671e9311-8532-11df-b6c8-9566c2d1f879}\Shell - "" = AutoRun
O33 - MountPoints2\{671e9311-8532-11df-b6c8-9566c2d1f879}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{671e9313-8532-11df-b6c8-9566c2d1f879}\Shell - "" = AutoRun
O33 - MountPoints2\{671e9313-8532-11df-b6c8-9566c2d1f879}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bcd4ecb0-a641-11df-8150-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{bcd4ecb0-a641-11df-8150-005056c00008}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{fb851e12-97a9-11df-bc5d-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{fb851e12-97a9-11df-bc5d-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 08:51:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
[2011/05/20 08:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/05/20 08:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/05/20 07:36:30 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/05/20 07:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/05/20 07:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/05/20 07:34:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/05/20 04:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2011/05/20 04:28:27 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2011/05/20 00:05:17 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\windows-binaries
[2011/05/19 23:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/19 21:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DeskSoft
[2011/05/19 21:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BWMeter
[2011/05/19 21:29:06 | 000,028,552 | ---- | C] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011/05/19 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\DeskSoft
[2011/05/19 21:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\BWMeter
[2011/05/19 21:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/05/19 21:07:42 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\python271
[2011/05/19 18:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2011/05/19 01:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Havij 1.13 Free
[2011/05/19 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Havij 1.14 Free
[2011/05/19 00:30:29 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Apple Computer
[2011/05/19 00:30:29 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Apple Computer
[2011/05/19 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/19 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/19 00:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/19 00:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/19 00:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/19 00:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/19 00:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/19 00:25:34 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Apple
[2011/05/19 00:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/19 00:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/19 00:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/19 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/19 00:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011/05/19 00:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2011/05/13 23:00:00 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheSnookerClub
[2011/05/13 22:59:55 | 000,000,000 | ---D | C] -- C:\Games
[2011/05/12 14:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2011/05/12 13:50:08 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\Documents\DVDFab
[2011/05/12 13:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2011/05/12 13:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8 Qt
[2011/05/07 19:32:11 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\FlyOrDie
[2011/05/07 19:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Billiards
[2011/05/07 19:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\3D Billiards
[2011/05/07 19:05:06 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DDD Pool
[2011/05/07 19:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDD Pool
[2011/05/07 19:05:02 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\SpinTop
[2011/05/07 19:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\DDD Pool
[2011/05/07 01:19:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/04 19:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011/05/03 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\Documents\03-05-2011
[2011/04/30 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Mozilla Firefox
[2011/04/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Tific
[2011/04/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Tific
[2011/04/28 19:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/28 19:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/26 03:29:26 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2011/04/26 03:29:23 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Paltalk
[2011/04/26 03:29:19 | 000,000,000 | ---D | C] -- C:\Windows\Paltalk Messenger
[2011/04/26 03:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger

========== Files - Modified Within 30 Days ==========

[2011/05/20 09:04:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 09:02:03 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2011/05/20 08:51:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
[2011/05/20 08:16:49 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/05/20 07:36:19 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/05/20 07:36:19 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/05/20 07:04:24 | 000,631,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/20 07:04:24 | 000,111,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/20 07:02:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 06:35:14 | 000,000,756 | ---- | M] () -- C:\Windows\wininit.ini
[2011/05/20 05:15:32 | 000,434,608 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/20 04:42:51 | 000,001,134 | ---- | M] () -- C:\Users\VMw4r3\Desktop\NoVirusThanks Anti-Rootkit (Free Edition).lnk
[2011/05/20 04:37:54 | 000,001,215 | ---- | M] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Uploader.lnk
[2011/05/20 04:37:54 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\NoVirusThanks Uploader.lnk
[2011/05/20 04:28:27 | 000,001,993 | ---- | M] () -- C:\Users\VMw4r3\Desktop\VirusTotal Uploader 2.0.lnk
[2011/05/20 04:16:58 | 000,080,384 | ---- | M] () -- C:\Users\VMw4r3\Desktop\MBRCheckRanDom______file.exe
[2011/05/20 03:31:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 03:31:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 03:26:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/20 03:20:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/19 23:37:39 | 000,000,903 | ---- | M] () -- C:\Users\VMw4r3\Desktop\WinRAR.lnk
[2011/05/19 21:32:02 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\BWMeter.lnk
[2011/05/19 21:29:06 | 000,028,552 | ---- | M] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011/05/19 01:06:01 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Havij.lnk
[2011/05/19 00:30:13 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/19 00:26:10 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/19 00:12:04 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2011/05/18 23:59:55 | 007,908,720 | ---- | M] () -- C:\Users\VMw4r3\Desktop\HSS-2.03-install-p14-263-conduit.exe
[2011/05/14 07:03:19 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/13 23:00:00 | 000,000,712 | ---- | M] () -- C:\Users\VMw4r3\Desktop\iSnooker.lnk
[2011/05/12 13:50:02 | 000,000,974 | ---- | M] () -- C:\Users\VMw4r3\Desktop\DVDFab 8 Qt.lnk
[2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/07 19:31:50 | 000,000,993 | ---- | M] () -- C:\Users\VMw4r3\Desktop\3D Billiards.lnk
[2011/05/07 19:05:06 | 000,000,958 | ---- | M] () -- C:\Users\VMw4r3\Desktop\DDD Pool.lnk
[2011/05/07 19:05:06 | 000,000,164 | ---- | M] () -- C:\Users\VMw4r3\Desktop\More SpinTop Games.url
[2011/05/04 19:53:23 | 000,001,719 | ---- | M] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2011/05/04 19:53:23 | 000,001,695 | ---- | M] () -- C:\Users\VMw4r3\Desktop\PartyPoker.lnk
[2011/04/30 21:03:17 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/26 03:29:28 | 000,001,108 | ---- | M] () -- C:\Users\VMw4r3\Desktop\Upgrade to Paltalk Extreme.lnk
[2011/04/26 03:29:27 | 000,001,903 | ---- | M] () -- C:\Users\VMw4r3\Desktop\Paltalk Messenger.lnk

========== Files Created - No Company Name ==========

[2011/05/20 08:16:49 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/05/20 07:36:19 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/05/20 07:36:19 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/05/20 07:36:18 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/05/20 06:35:12 | 000,000,756 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/20 04:42:51 | 000,001,134 | ---- | C] () -- C:\Users\VMw4r3\Desktop\NoVirusThanks Anti-Rootkit (Free Edition).lnk
[2011/05/20 04:37:54 | 000,001,215 | ---- | C] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Uploader.lnk
[2011/05/20 04:37:54 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\NoVirusThanks Uploader.lnk
[2011/05/20 04:28:27 | 000,001,993 | ---- | C] () -- C:\Users\VMw4r3\Desktop\VirusTotal Uploader 2.0.lnk
[2011/05/20 04:16:53 | 000,080,384 | ---- | C] () -- C:\Users\VMw4r3\Desktop\MBRCheckRanDom______file.exe
[2011/05/19 23:37:39 | 000,000,903 | ---- | C] () -- C:\Users\VMw4r3\Desktop\WinRAR.lnk
[2011/05/19 23:26:41 | 000,002,853 | ---- | C] () -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stop StartupMonitor.lnk
[2011/05/19 21:32:02 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\BWMeter.lnk
[2011/05/19 01:06:01 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Havij.lnk
[2011/05/19 00:30:13 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/19 00:26:10 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/19 00:25:29 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/19 00:12:04 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2011/05/18 23:59:21 | 007,908,720 | ---- | C] () -- C:\Users\VMw4r3\Desktop\HSS-2.03-install-p14-263-conduit.exe
[2011/05/13 23:00:00 | 000,000,712 | ---- | C] () -- C:\Users\VMw4r3\Desktop\iSnooker.lnk
[2011/05/12 13:50:02 | 000,000,974 | ---- | C] () -- C:\Users\VMw4r3\Desktop\DVDFab 8 Qt.lnk
[2011/05/07 19:31:50 | 000,000,993 | ---- | C] () -- C:\Users\VMw4r3\Desktop\3D Billiards.lnk
[2011/05/07 19:05:06 | 000,000,958 | ---- | C] () -- C:\Users\VMw4r3\Desktop\DDD Pool.lnk
[2011/05/07 19:05:06 | 000,000,164 | ---- | C] () -- C:\Users\VMw4r3\Desktop\More SpinTop Games.url
[2011/05/04 19:53:23 | 000,001,719 | ---- | C] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2011/05/04 19:53:23 | 000,001,695 | ---- | C] () -- C:\Users\VMw4r3\Desktop\PartyPoker.lnk
[2011/04/30 21:03:16 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/04/26 03:29:28 | 000,001,108 | ---- | C] () -- C:\Users\VMw4r3\Desktop\Upgrade to Paltalk Extreme.lnk
[2011/04/26 03:29:27 | 000,001,903 | ---- | C] () -- C:\Users\VMw4r3\Desktop\Paltalk Messenger.lnk
[2011/02/24 20:59:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/24 20:57:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/23 16:29:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/02/23 16:29:45 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/11/22 02:58:55 | 000,005,632 | ---- | C] () -- C:\Users\VMw4r3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 23:02:07 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/06 00:55:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/23 12:32:24 | 000,000,600 | ---- | C] () -- C:\Users\VMw4r3\AppData\Local\PUTTY.RND
[2010/05/15 09:16:59 | 000,070,667 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/04/14 19:38:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/11 06:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,274,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,631,144 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,822 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/23 23:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/03/07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2000/05/20 17:23:48 | 000,086,016 | ---- | C] () -- C:\Windows\StartupMonitor.exe

========== LOP Check ==========

[2010/05/15 09:21:36 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Birdstep Technology
[2011/05/19 21:29:03 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\DeskSoft
[2011/01/15 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\FileZilla
[2010/08/21 06:11:13 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\GNUCITIZEN
[2010/07/23 18:39:13 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Mavituna Security Ltd
[2010/07/01 12:10:37 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Notepad++
[2010/08/21 00:32:38 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\OpenVPN Technologies
[2011/04/26 03:34:55 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Paltalk
[2011/02/23 17:19:23 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\PC Suite
[2010/04/25 20:18:01 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\PyScripter
[2011/02/23 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Samsung
[2010/10/19 10:24:47 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\SecurityHeroes
[2011/05/07 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\SpinTop
[2010/12/27 15:32:50 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Temp
[2011/04/28 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Tific
[2011/05/20 07:35:54 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\TuneUp Software
[2011/05/17 22:51:20 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\uTorrent
[2010/08/12 19:50:12 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Vodafone
[2011/05/20 09:02:03 | 000,000,488 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2011/01/10 07:58:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, gary1210! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say so and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be copied and pasted into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.

Please do the following:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Step 2

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Under the Extra Registry section, check Use SafeList.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside the quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    conime.exe
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL log
  • Extras log

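To show how a helper reads an OTL log like the one posted above (and the one the custom scan will produce), here is a small parser and triage pass; it is an added example for this thread, not OTL's own code and not something the helper posted. The sample lines are copied from the log above; the triage rules (a 10 KB hosts-file threshold, and "binary under C:\Windows with no company name") are my own assumptions, not OTL's.

```python
"""Parse OTL log lines of the kind posted above and triage them.

Added example for this thread: not OTL's code and not the helper's.
Sample lines are copied from the log above; the triage rules are
assumptions (heuristics a helper might apply), not OTL logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File/folder entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# "C" = created, "M" = modified; attrs carry R/H/S/D flags; the company
# group is "()" when OTL found none and absent on directory lines.
FILE_ENTRY = re.compile(
    r"^(?:PRC - )?\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# O33 removable-media autorun hook: ...\Shell\AutoRun\command - "" = X:\AutoRun.exe
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+?)\s*$'
)

SYSTEM_DIR = "c:\\windows\\"            # assumption: %SystemRoot% is C:\Windows
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
HOSTS_SIZE_LIMIT = 10_000               # bytes; assumption: a stock hosts file is < 1 KB


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str                 # "C" created or "M" modified
    company: Optional[str]    # None when no (...) group, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for a file/folder line, or None for any other line."""
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    return FileEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                     m["kind"], m["company"], m["path"])


def triage(lines: List[str]) -> List[str]:
    """Return one finding per line worth a second look; order follows input."""
    findings = []
    for line in lines:
        mp = MOUNTPOINT_CMD.match(line)
        if mp:
            # Stale autorun hook for a removable drive: usually harmless, but it
            # is one of the things a helper clears, so list it for review.
            findings.append(f"autorun hook for {mp['cmd']} ({mp['guid'][:8]})")
            continue
        e = parse_file_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        if low.endswith("\\drivers\\etc\\hosts") and e.size > HOSTS_SIZE_LIMIT:
            findings.append(f"hosts file is {e.size} bytes: confirm it is a "
                            f"deliberate blocklist, not a hijack")
        elif (low.startswith(SYSTEM_DIR) and low.endswith(BINARY_EXT)
              and not e.company):
            findings.append(f"no company name on system binary {e.path}")
    return findings


# Lines copied from the OTL log posted above (constructed sample input).
SAMPLE = [
    r"[2011/05/20 05:15:32 | 000,434,608 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts",
    r"[2011/05/20 04:16:58 | 000,080,384 | ---- | M] () -- C:\Users\VMw4r3\Desktop\MBRCheckRanDom______file.exe",
    r"[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe",
    r"[2011/02/24 20:59:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe",
    r"[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys",
    r"[2011/05/20 08:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy",
    r'O33 - MountPoints2\{235f6934-4bbf-11df-a823-005056c00008}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{235f6934-4bbf-11df-a823-005056c00008}\Shell\AutoRun\command - "" = G:\AutoRun.exe',
    r"PRC - [2011/05/20 08:51:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A "no company name" hit is only a prompt to check the file (upload to VirusTotal, as the poster already did), not a verdict; plenty of legitimate OEM binaries carry no version resource.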

#3
gary1210

    Member

  • Topic Starter
  • Member
  • 28 posts
Hi Render, Thanks for helping.

aswMBR.log

ASWmbr.txt

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-20 20:05:25
-----------------------------
20:05:25.799 OS Version: Windows 6.1.7601 Service Pack 1
20:05:25.799 Number of processors: 2 586 0x6801
20:05:25.799 ComputerName: VMW4R3-PC UserName: VMw4r3
20:05:33.038 Initialize success
20:05:38.825 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:05:38.825 Disk 0 Vendor: TOSHIBA_MK8037GSX DL240D Size: 76319MB BusType: 3
20:05:40.853 Disk 0 MBR read successfully
20:05:40.869 Disk 0 MBR scan
20:05:40.869 Disk 0 Windows 7 default MBR code
20:05:42.897 Disk 0 scanning sectors +156299264
20:05:42.928 Disk 0 scanning C:\Windows\system32\drivers
20:05:50.915 Service scanning
20:05:52.070 Disk 0 trace - called modules:
20:05:52.101 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:05:52.101 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855905e0]
20:05:52.101 3 CLASSPNP.SYS[887ae59e] -> nt!IofCallDriver -> [0x854ad918]
20:05:52.116 5 ACPI.sys[882383d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x847ce610]
20:05:52.132 Scan finished successfully
20:06:09.214 Disk 0 MBR has been saved successfully to "C:\Users\VMw4r3\Desktop\MBR.dat"
20:06:09.230 The log file has been saved successfully to "C:\Users\VMw4r3\Desktop\aswMBR.txt"



OTL.txt

OTL logfile created on: 20/05/2011 20:15:08 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\VMw4r3\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 28.35 Gb Free Space | 38.09% Space Free | Partition Type: NTFS

Computer Name: VMW4R3-PC | User Name: VMw4r3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 08:51:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/14 14:42:42 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010/12/14 14:41:10 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/10/18 12:41:52 | 002,362,880 | ---- | M] (DSGi) -- C:\Windows\System32\spool\drivers\w32x86\3\ADAiO2MUI.exe
PRC - [2010/09/30 10:53:18 | 000,361,904 | ---- | M] (DSGi) -- C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
PRC - [2010/07/01 20:52:46 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/02/20 13:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/20 12:58:04 | 000,387,808 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2005/02/16 16:48:18 | 000,225,280 | ---- | M] (Pro²soft) -- C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


========== Modules (All) ==========

MOD - [2011/05/20 08:51:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/11/20 13:24:36 | 001,288,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010/11/20 13:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2010/11/20 13:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2010/11/20 13:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2010/11/20 13:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2010/11/20 13:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2010/11/20 13:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010/11/20 13:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2010/11/20 13:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2010/11/20 13:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2010/11/20 13:21:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2010/11/20 13:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2010/11/20 13:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2010/11/20 13:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010/11/20 13:20:49 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010/11/20 13:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2010/11/20 13:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2010/11/20 13:19:26 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2010/11/20 13:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2010/11/20 13:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2010/11/20 13:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2010/11/20 13:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010/11/20 13:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2010/11/20 13:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2010/11/20 13:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009/07/14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009/07/14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009/07/14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009/07/14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/05/19 21:29:06 | 000,062,464 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\BWMeter\BWMeterConSvc.exe -- (BWMeterConSvc)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/15 02:23:30 | 000,063,976 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/04/15 02:20:42 | 000,289,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011/04/15 00:18:12 | 000,328,952 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/04/15 00:18:10 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/12/14 14:41:10 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/12/14 14:39:10 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/30 10:53:18 | 000,361,904 | ---- | M] (DSGi) [Auto | Running] -- C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe -- (Advent AIO Network Discovery Service)
SRV - [2010/09/11 19:34:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/01 20:52:46 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/07/01 20:52:45 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/02 18:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007/02/20 12:58:04 | 000,387,808 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/19 21:29:06 | 000,028,552 | ---- | M] (DeskSoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsnpfd.sys -- (dsnpfdMP)
DRV - [2011/05/19 21:29:06 | 000,028,552 | ---- | M] (DeskSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsnpfd.sys -- (dsnpfd)
DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/15 00:18:10 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/11/29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/27 17:46:12 | 000,356,352 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/08/03 16:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2010/06/23 03:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/11 08:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/11/20 16:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/17 20:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/10/28 23:08:58 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2008/10/02 18:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/08/31 03:47:00 | 000,025,856 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801co.sys -- (tap0801co) TAP-Win32 Adapter V8 (coLinux)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=...18&l=dis&gct=hp
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 5F 12 8A 64 DD CA 01 [binary data]
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 00:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 00:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\components [2011/05/19 00:26:30 | 000,000,000 | ---D | M]

[2010/08/21 06:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Extensions
[2010/08/21 00:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2010/08/21 06:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/19 23:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions
[2010/07/23 23:39:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/08/28 10:24:55 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2011/05/01 16:15:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/05/19 20:51:27 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2011/04/15 17:36:37 | 000,000,000 | ---D | M] (MiniEvony Community Toolbar) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}
[2011/02/28 18:32:11 | 000,000,000 | ---D | M] ("Stop Autoplay") -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2010/04/28 14:52:37 | 000,000,000 | ---D | M] (Advanced Dork:) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{31E65147-5A53-4e52-8A64-FF7EBFA36D76}
[2010/10/19 10:24:44 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/05/06 15:52:13 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/05/19 18:46:16 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/04/14 21:32:54 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010/04/17 23:54:31 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/04/14 21:32:55 | 000,000,000 | ---D | M] (Direct Link) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{a4ffd900-48b6-11db-b0de-0800200c9a66}
[2011/05/01 13:39:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/28 18:32:20 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/14 21:39:00 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/05/19 09:14:54 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/02/28 18:32:18 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/01 16:14:49 | 000,000,000 | ---D | M] (PhZilla) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/05/19 18:50:48 | 000,000,000 | ---D | M] (Capture Fox) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2010/04/14 21:32:55 | 000,000,000 | ---D | M] (Copy and Go) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/04/15 17:36:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/05/12 16:18:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/02/28 18:32:12 | 000,000,000 | ---D | M] (Server Spy) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2010/08/19 22:34:23 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\VMw4r3\AppData\Roaming\mozilla\Firefox\Profiles\yhqg1pod.default\extensions\[email protected]
[2011/03/17 23:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/20 11:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/16 21:57:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/28 18:26:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/20 05:15:32 | 000,434,608 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14955 more lines...
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ADAiO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\ADAiO2MUI.exe (DSGi)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000..\Run: [Bandwidth Monitor Pro] C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (Pro²soft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-21-3787302479-1792056733-934747533-1000\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\VMw4r3\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\VMw4r3\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/DDD%20Pool/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/DDD%20Pool/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\bwmeter.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\chrome.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\mobileconnect.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\npsguide.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\openvpntray.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\setdlc.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\vmnetcfg.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\vmplayer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\vmware.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{235f6934-4bbf-11df-a823-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{235f6934-4bbf-11df-a823-005056c00008}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{235f6939-4bbf-11df-a823-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{235f6939-4bbf-11df-a823-005056c00008}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6575a2fd-5e0e-11df-b224-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6575a2fd-5e0e-11df-b224-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6575a30d-5e0e-11df-b224-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6575a30d-5e0e-11df-b224-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{671e9311-8532-11df-b6c8-9566c2d1f879}\Shell - "" = AutoRun
O33 - MountPoints2\{671e9311-8532-11df-b6c8-9566c2d1f879}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{671e9313-8532-11df-b6c8-9566c2d1f879}\Shell - "" = AutoRun
O33 - MountPoints2\{671e9313-8532-11df-b6c8-9566c2d1f879}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bcd4ecb0-a641-11df-8150-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{bcd4ecb0-a641-11df-8150-005056c00008}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{fb851e12-97a9-11df-bc5d-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{fb851e12-97a9-11df-bc5d-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 20:04:08 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\VMw4r3\Desktop\aswMBR.exe
[2011/05/20 13:37:27 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\.JSMS
[2011/05/20 13:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JSMS
[2011/05/20 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\JSMS
[2011/05/20 08:51:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
[2011/05/20 08:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/05/20 08:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/05/20 07:36:30 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/05/20 07:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/05/20 07:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/05/20 07:34:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/05/20 04:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2011/05/20 04:28:27 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2011/05/20 00:05:17 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\windows-binaries
[2011/05/19 23:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/19 21:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DeskSoft
[2011/05/19 21:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BWMeter
[2011/05/19 21:29:06 | 000,028,552 | ---- | C] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011/05/19 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\DeskSoft
[2011/05/19 21:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\BWMeter
[2011/05/19 21:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/05/19 21:07:42 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\python271
[2011/05/19 18:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2011/05/19 11:04:45 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/19 11:04:44 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/19 11:04:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/19 01:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Havij 1.13 Free
[2011/05/19 01:05:59 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011/05/19 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Havij 1.14 Free
[2011/05/19 00:30:29 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Apple Computer
[2011/05/19 00:30:29 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Apple Computer
[2011/05/19 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/19 00:30:05 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/05/19 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/19 00:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/19 00:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/19 00:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/19 00:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/19 00:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/19 00:25:34 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Apple
[2011/05/19 00:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/19 00:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/19 00:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/19 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/19 00:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011/05/19 00:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2011/05/13 23:00:52 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/05/13 23:00:00 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheSnookerClub
[2011/05/13 22:59:55 | 000,000,000 | ---D | C] -- C:\Games
[2011/05/12 14:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2011/05/12 13:50:08 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\Documents\DVDFab
[2011/05/12 13:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2011/05/12 13:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8 Qt
[2011/05/07 19:32:11 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\FlyOrDie
[2011/05/07 19:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDD Pool
[2011/05/07 19:05:02 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\SpinTop
[2011/05/07 01:19:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/07 00:29:53 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/05/07 00:29:53 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/05/07 00:29:53 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/05/07 00:29:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/05/07 00:29:46 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/07 00:29:45 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/05/04 19:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011/05/03 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\Documents\03-05-2011
[2011/04/30 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Mozilla Firefox
[2011/04/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Tific
[2011/04/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Local\Tific
[2011/04/28 19:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/28 19:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/26 03:29:23 | 000,000,000 | ---D | C] -- C:\Users\VMw4r3\AppData\Roaming\Paltalk

========== Files - Modified Within 30 Days ==========

[2011/05/20 20:06:09 | 000,000,512 | ---- | M] () -- C:\Users\VMw4r3\Desktop\MBR.dat
[2011/05/20 20:04:12 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\VMw4r3\Desktop\aswMBR.exe
[2011/05/20 20:00:16 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2011/05/20 19:26:08 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 19:26:08 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 19:24:43 | 000,631,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/20 19:24:43 | 000,111,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/20 19:12:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 19:12:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 19:11:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/20 13:36:07 | 000,001,805 | ---- | M] () -- C:\Users\VMw4r3\Desktop\JSMS.lnk
[2011/05/20 08:51:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\VMw4r3\Desktop\OTL.exe
[2011/05/20 08:16:49 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/05/20 07:36:19 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/05/20 07:36:19 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/05/20 06:35:14 | 000,000,756 | ---- | M] () -- C:\Windows\wininit.ini
[2011/05/20 05:15:32 | 000,434,608 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/20 04:42:51 | 000,001,134 | ---- | M] () -- C:\Users\VMw4r3\Desktop\NoVirusThanks Anti-Rootkit (Free Edition).lnk
[2011/05/20 04:37:54 | 000,001,215 | ---- | M] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Uploader.lnk
[2011/05/20 04:37:54 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\NoVirusThanks Uploader.lnk
[2011/05/20 04:28:27 | 000,001,993 | ---- | M] () -- C:\Users\VMw4r3\Desktop\VirusTotal Uploader 2.0.lnk
[2011/05/20 04:16:58 | 000,080,384 | ---- | M] () -- C:\Users\VMw4r3\Desktop\MBRCheckRanDom______file.exe
[2011/05/20 03:26:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/19 23:37:39 | 000,000,903 | ---- | M] () -- C:\Users\VMw4r3\Desktop\WinRAR.lnk
[2011/05/19 21:32:02 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\BWMeter.lnk
[2011/05/19 21:29:06 | 000,028,552 | ---- | M] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011/05/19 01:06:01 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Havij.lnk
[2011/05/19 00:30:13 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/19 00:26:10 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/19 00:12:04 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2011/05/18 23:59:55 | 007,908,720 | ---- | M] () -- C:\Users\VMw4r3\Desktop\HSS-2.03-install-p14-263-conduit.exe
[2011/05/14 07:03:19 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/13 23:00:00 | 000,000,712 | ---- | M] () -- C:\Users\VMw4r3\Desktop\iSnooker.lnk
[2011/05/12 13:50:02 | 000,000,974 | ---- | M] () -- C:\Users\VMw4r3\Desktop\DVDFab 8 Qt.lnk
[2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/07 19:05:06 | 000,000,164 | ---- | M] () -- C:\Users\VMw4r3\Desktop\More SpinTop Games.url
[2011/05/04 19:53:23 | 000,001,719 | ---- | M] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2011/05/04 19:53:23 | 000,001,695 | ---- | M] () -- C:\Users\VMw4r3\Desktop\PartyPoker.lnk
[2011/04/30 21:03:17 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/05/20 20:06:09 | 000,000,512 | ---- | C] () -- C:\Users\VMw4r3\Desktop\MBR.dat
[2011/05/20 13:36:07 | 000,001,805 | ---- | C] () -- C:\Users\VMw4r3\Desktop\JSMS.lnk
[2011/05/20 08:16:49 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/05/20 07:36:19 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/05/20 07:36:19 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/05/20 07:36:18 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/05/20 06:35:12 | 000,000,756 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/20 04:42:51 | 000,001,134 | ---- | C] () -- C:\Users\VMw4r3\Desktop\NoVirusThanks Anti-Rootkit (Free Edition).lnk
[2011/05/20 04:37:54 | 000,001,215 | ---- | C] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\NoVirusThanks Uploader.lnk
[2011/05/20 04:37:54 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\NoVirusThanks Uploader.lnk
[2011/05/20 04:28:27 | 000,001,993 | ---- | C] () -- C:\Users\VMw4r3\Desktop\VirusTotal Uploader 2.0.lnk
[2011/05/20 04:16:53 | 000,080,384 | ---- | C] () -- C:\Users\VMw4r3\Desktop\MBRCheckRanDom______file.exe
[2011/05/19 23:37:39 | 000,000,903 | ---- | C] () -- C:\Users\VMw4r3\Desktop\WinRAR.lnk
[2011/05/19 23:26:41 | 000,002,853 | ---- | C] () -- C:\Users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stop StartupMonitor.lnk
[2011/05/19 21:32:02 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\BWMeter.lnk
[2011/05/19 01:06:01 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Havij.lnk
[2011/05/19 00:30:13 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/19 00:26:10 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/19 00:25:29 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/19 00:12:04 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2011/05/18 23:59:21 | 007,908,720 | ---- | C] () -- C:\Users\VMw4r3\Desktop\HSS-2.03-install-p14-263-conduit.exe
[2011/05/13 23:00:00 | 000,000,712 | ---- | C] () -- C:\Users\VMw4r3\Desktop\iSnooker.lnk
[2011/05/12 13:50:02 | 000,000,974 | ---- | C] () -- C:\Users\VMw4r3\Desktop\DVDFab 8 Qt.lnk
[2011/05/07 19:05:06 | 000,000,164 | ---- | C] () -- C:\Users\VMw4r3\Desktop\More SpinTop Games.url
[2011/05/04 19:53:23 | 000,001,719 | ---- | C] () -- C:\Users\VMw4r3\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2011/05/04 19:53:23 | 000,001,695 | ---- | C] () -- C:\Users\VMw4r3\Desktop\PartyPoker.lnk
[2011/04/30 21:03:16 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/24 20:59:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/24 20:57:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/23 16:29:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/02/23 16:29:45 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/11/22 02:58:55 | 000,005,632 | ---- | C] () -- C:\Users\VMw4r3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 23:02:07 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/06 00:55:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/23 12:32:24 | 000,000,600 | ---- | C] () -- C:\Users\VMw4r3\AppData\Local\PUTTY.RND
[2010/05/15 09:16:59 | 000,070,667 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/04/14 19:38:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/11 06:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,274,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,631,144 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,822 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/23 23:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/03/07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2000/05/20 17:23:48 | 000,086,016 | ---- | C] () -- C:\Windows\StartupMonitor.exe

========== LOP Check ==========

[2010/05/15 09:21:36 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Birdstep Technology
[2011/05/19 21:29:03 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\DeskSoft
[2011/01/15 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\FileZilla
[2010/08/21 06:11:13 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\GNUCITIZEN
[2010/07/23 18:39:13 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Mavituna Security Ltd
[2010/07/01 12:10:37 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Notepad++
[2010/08/21 00:32:38 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\OpenVPN Technologies
[2011/05/20 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Paltalk
[2011/02/23 17:19:23 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\PC Suite
[2010/04/25 20:18:01 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\PyScripter
[2011/02/23 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Samsung
[2010/10/19 10:24:47 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\SecurityHeroes
[2011/05/07 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\SpinTop
[2010/12/27 15:32:50 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Temp
[2011/04/28 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Tific
[2011/05/20 07:35:54 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\TuneUp Software
[2011/05/17 22:51:20 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\uTorrent
[2010/08/12 19:50:12 | 000,000,000 | ---D | M] -- C:\Users\VMw4r3\AppData\Roaming\Vodafone
[2011/05/20 20:00:16 | 000,000,488 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2011/01/10 07:58:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/10/02 23:06:58 | 000,332,800 | ---- | M] () -- C:\wget-1.10.2.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >


extras.Txt

OTL Extras logfile created on: 20/05/2011 20:15:08 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\VMw4r3\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 28.35 Gb Free Space | 38.09% Space Free | Partition Type: NTFS

Computer Name: VMW4R3-PC | User Name: VMw4r3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3787302479-1792056733-934747533-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\VMw4r3\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{136BB0FD-7E70-40F5-B17E-5FB91F229463}" = AdC4USelfUpdater
"{1BAE8AB6-4533-4CB1-94D6-A5F401ED468C}" = aioscnnr
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1CA75E08-616B-4F3C-A8E6-5E4BDC04E398}" = Advent AIO Printer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}" = ADVENT AIO Printer
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{48A25E19-D9AE-4BBE-9411-6F4C5D328B39}" = Skype™ Beta 5.0
"{4973FC3B-FF66-4610-B9ED-2DDEFBF4D2D7}" = PreReq
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61381690-7DDA-44F6-B3F0-6529FB8B6E5D}" = Advent Essentials
"{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1" = Hijack Hunter 1.5
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}" = OpenOffice.org 2.0
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6EEDA53A-CEC9-42D6-80D9-4C9A1143A1B4}_is1" = NoVirusThanks Uploader 2.4.3.1
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C985153C-3801-EB63-1432-088E71801033}" = Nero 7 Demo
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"3 Connect" = 3 Connect
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced LAN Scanner v1.0 BETA 1" = Advanced LAN Scanner v1.0 BETA 1
"avast" = avast! Free Antivirus
"Bandwidth Monitor Pro" = Bandwidth Monitor Pro
"BWMeter" = BWMeter
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Driver Checker_is1" = Driver Checker v2.7.4
"DVDFab 8 Qt_is1" = DVDFab 8.0.9.1 (11/05/2011) Qt
"Google Chrome" = Google Chrome
"Havij_is1" = Havij 1.14 Free
"HotspotShield" = Hotspot Shield 2.03
"Huawei Modems" = Huawei modem
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iSnooker" = iSnooker
"JSMS 4.3.7" = JSMS
"kismetinst" = Kismet 2008-05-R1 for Windows
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"Notepad++" = Notepad++
"NoVirusThanks Anti-Rootkit (Free Edition)_is1" = NoVirusThanks Anti-Rootkit (Free Edition) v1.2
"PartyPoker" = PartyPoker
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Speccy" = Speccy
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"uTorrent" = µTorrent
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks
  • 0

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please do the following:

Download AVPTool from Here to your desktop.

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan:
  • On the first tab, select all elements down to Computer and then select Start scan.
  • Once it has finished, select Report and post that.

Posted Image

Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan:
  • Select the Manual Disinfection tab.
  • Press the Gather System Information button.
  • Once done, open the last report saved folder, then attach the zip file to your next post.
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

How to add an attachment to a new topic or reply
  • 0

#5
gary1210

    Member

  • Topic Starter
  • Member
  • 28 posts
1st report:

Autoscan: completed 7 minutes ago (events: 2, objects: 6407, time: 00:07:44)
20/05/2011 22:22:39 Task started
20/05/2011 22:30:23 Task completed


Attached File: avptool_sysinfo.zip (172.58KB, 113 downloads)
  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, gary

Nothing jumps out to me. Let's try with this surgical tool now:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

  • Double-click on Combo-Fix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#7
gary1210

    Member

  • Topic Starter
  • Member
  • 28 posts
Combo-Fix.txt

ComboFix 11-05-21.03 - VMw4r3 22/05/2011 12:26:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.353.1033.18.1918.1299 [GMT 1:00]
Running from: c:\users\VMw4r3\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\passwordspro\passwordspro.exe
c:\users\VMw4r3\AppData\Roaming\Microsoft\Windows\Recent\Evony-Free_Forever.url
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-22 11:40 . 2011-05-22 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 21:14 . 2011-05-20 21:16 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-20 12:37 . 2011-05-20 16:52 -------- d-----w- c:\users\VMw4r3\.JSMS
2011-05-20 12:34 . 2011-05-20 12:35 -------- d-----w- c:\program files\JSMS
2011-05-20 07:16 . 2011-05-20 07:16 -------- d-----w- c:\program files\Speccy
2011-05-20 06:36 . 2010-12-14 13:43 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-20 06:35 . 2011-05-20 06:40 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-05-20 06:34 . 2011-05-20 06:34 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-20 03:28 . 2011-05-20 03:28 -------- d-----w- c:\program files\VirusTotalUploader2
2011-05-19 23:05 . 2011-05-10 07:44 -------- d---a-w- c:\users\VMw4r3\windows-binaries
2011-05-19 20:32 . 2011-05-19 20:32 -------- d-----w- c:\programdata\DeskSoft
2011-05-19 20:29 . 2011-05-19 20:29 28552 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2011-05-19 20:29 . 2011-05-19 20:32 -------- d-----w- c:\program files\BWMeter
2011-05-19 20:29 . 2011-05-19 20:29 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\DeskSoft
2011-05-19 20:07 . 2011-05-20 07:15 -------- d-----w- c:\users\VMw4r3\python271
2011-05-19 17:14 . 2011-05-19 17:14 -------- d-----w- c:\programdata\hssff
2011-05-19 10:04 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-19 10:04 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-19 10:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 00:05 . 2011-05-19 00:06 -------- d-----w- c:\program files\Havij 1.14 Free
2011-05-19 00:05 . 2000-05-21 22:00 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2011-05-18 23:30 . 2011-05-19 00:09 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\Apple Computer
2011-05-18 23:30 . 2011-05-18 23:30 -------- d-----w- c:\users\VMw4r3\AppData\Local\Apple Computer
2011-05-18 23:30 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-18 23:30 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-18 23:28 . 2011-05-18 23:28 -------- d-----w- c:\program files\iPod
2011-05-18 23:28 . 2011-05-18 23:30 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-05-18 23:28 . 2011-05-18 23:30 -------- d-----w- c:\program files\iTunes
2011-05-18 23:25 . 2011-05-18 23:28 -------- d-----w- c:\programdata\Apple Computer
2011-05-18 23:25 . 2011-05-18 23:26 -------- d-----w- c:\program files\QuickTime
2011-05-18 23:25 . 2011-05-18 23:25 -------- d-----w- c:\users\VMw4r3\AppData\Local\Apple
2011-05-18 23:25 . 2011-05-18 23:25 -------- d-----w- c:\program files\Apple Software Update
2011-05-18 23:24 . 2011-05-18 23:24 -------- d-----w- c:\program files\Bonjour
2011-05-18 23:24 . 2011-05-18 23:28 -------- d-----w- c:\program files\Common Files\Apple
2011-05-18 23:24 . 2011-05-18 23:25 -------- d-----w- c:\programdata\Apple
2011-05-18 23:10 . 2011-05-18 23:11 -------- d-----w- c:\program files\Hotspot Shield
2011-05-13 22:00 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-05-13 21:59 . 2011-05-13 21:59 -------- d-----w- C:\Games
2011-05-12 13:39 . 2011-05-12 13:39 -------- d-----w- c:\programdata\vsosdk
2011-05-12 12:49 . 2011-05-12 12:52 -------- d-----w- c:\program files\DVDFab 8 Qt
2011-05-07 18:32 . 2011-05-07 18:32 -------- d-----w- c:\users\VMw4r3\AppData\Local\FlyOrDie
2011-05-07 18:05 . 2011-05-07 18:05 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\SpinTop
2011-05-07 00:19 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 20:03 . 2011-05-04 18:54 -------- d-----w- c:\users\VMw4r3\AppData\Local\Mozilla Firefox
2011-04-28 18:41 . 2011-04-28 18:42 -------- d-----w- c:\users\VMw4r3\AppData\Local\Tific
2011-04-28 18:41 . 2011-04-28 18:41 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\Tific
2011-04-28 18:41 . 2011-05-20 03:44 -------- d-----w- c:\programdata\Norton
2011-04-26 02:29 . 2011-05-20 17:52 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\Paltalk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-07-01 20:22 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-04-16 13:16 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-04-16 13:17 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-04-16 13:17 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-04-16 13:17 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-04-16 13:17 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-04-16 13:17 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 23:18 . 2011-04-14 23:18 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2011-04-13 16:05 . 2011-04-13 16:05 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-11 05:33 . 2011-04-15 13:31 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 13:31 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:28 . 2011-04-15 13:31 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-07 05:33 . 2011-04-15 13:23 981504 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 03:52 . 2011-04-15 13:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-03 05:38 . 2011-04-15 13:32 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36 . 2011-04-15 13:32 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42 . 2011-04-15 13:33 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 20:16 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-24 05:38 . 2011-04-15 13:33 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 04:48 . 2011-04-15 13:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:48 . 2011-04-15 13:33 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:47 . 2011-04-15 13:33 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:47 . 2011-04-15 13:31 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:47 . 2011-04-15 13:31 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:47 . 2011-04-15 13:31 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:47 . 2011-04-15 13:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2005-02-16 225280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-4-14 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=c:\program files\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MobileConnect"=%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Conime"=%windir%\system32\conime.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 136176]
R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2011-05-19 28552]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-02-17 112128]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\DRIVERS\tap0801co.sys [2006-08-31 25856]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 uti2mjiw;AVZ Kernel Driver;c:\windows\system32\Drivers\uti2mjiw.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-11 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 BWMeterConSvc;BWMeter Connections Service;c:\program files\BWMeter\BWMeterConSvc.exe [2011-05-19 62464]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-04-15 289096]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-04-14 328952]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [2010-09-30 361904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [2011-05-19 28552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:52]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=100000018&l=dis&gct=hp
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\VMw4r3\AppData\Roaming\Mozilla\Firefox\Profiles\yhqg1pod.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: network.proxy.http - menloventures.com
FF - prefs.js: network.proxy.http_port - 6543
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,83,de,c3,34,72,f3,4b,9d,d6,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,83,de,c3,34,72,f3,4b,9d,d6,8d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-22 12:49:06
ComboFix-quarantined-files.txt 2011-05-22 11:49
.
Pre-Run: 29,556,649,984 bytes free
Post-Run: 29,319,241,728 bytes free
.
- - End Of File - - D7811F02BB82ABE53D2441E4193613EF
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

It seems clean from logs.

In terms of conime.exe, this process is used when an Asian language is used in Windows. Are you using an Asian language?
  • 0

#9
gary1210

gary1210

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
No, I'm using English.
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
But conime.exe is excluded from autostart. It's running anyway?
  • 0

#11
gary1210

gary1210

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I have startupmonitor.exe running and at least once a day I get a popup telling me conime.exe is trying to add itself to the startup. I always click do not allow. I can't even find the conime.exe file on the computer.
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Try this:

Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

Step 2

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
%windir%\system32\conime.exe

Folder::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Conime"=-

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
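The CFScript above removes a single value, `"Conime"`, from a `run-` key, the key that startup managers use to park disabled entries (which is why the helper says conime.exe is excluded from autostart). Picking such entries out of a ComboFix "Reg Loading Points" block by hand is error-prone, so here is an added example, written for this thread and not part of ComboFix or the forum's own tooling, that parses the `[key]` / `"name"=value` lines, strips ComboFix's trailing `[date size]` marker, expands `%windir%`-style variables from a supplied mapping, and flags entries whose target is missing from a filesystem snapshot. The sample log lines, the variable mapping and the file list are constructed for the example and modelled on the log posted earlier.

```python
"""Triage helper for the "Reg Loading Points" block of a ComboFix log.

Added example, not ComboFix's or the forum's own tooling. The sample log,
the variable mapping and the file snapshot below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# ComboFix appends "[yyyy-mm-dd size]" to values whose file it could stat.
TRAILER_RE = re.compile(r"\s*\[\d{4}-\d{1,2}-\d{1,2} \d+\]$")
# Unquoted values read "path args"; cut after the first executable extension.
EXT_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll|sys))(?:\s.*)?$", re.I)


@dataclass
class AutostartEntry:
    key: str
    name: str
    target: str              # lower-cased path with arguments removed
    disabled: bool           # True when the key is a "run-" (disabled items) key
    present: Optional[bool]  # None for a bare file name resolved via PATH


def extract_target(raw: str, env: Dict[str, str]) -> str:
    """Return the executable path named by a Run-key value, lower-cased."""
    raw = TRAILER_RE.sub("", raw.strip())
    if raw.startswith('"'):
        end = raw.find('"', 1)
        path = raw[1:end] if end > 0 else raw[1:]
    else:
        m = EXT_RE.match(raw)
        path = m.group(1) if m else raw
    # Expand %var% tokens from the supplied mapping; unknown tokens are kept.
    path = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return path.lower()


def parse_loading_points(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, raw value) for every value under a Run* key."""
    found, key = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and key and key.lower().rsplit("\\", 1)[-1].startswith("run"):
            found.append((key, vm.group("name"), vm.group("value")))
    return found


def triage(log_text: str, env: Dict[str, str], files_on_disk: Iterable[str]) -> List[AutostartEntry]:
    """Classify each Run/run- entry and check its target against a file snapshot."""
    present = {f.lower() for f in files_on_disk}
    entries = []
    for key, name, raw in parse_loading_points(log_text):
        target = extract_target(raw, env)
        exists = None if "\\" not in target else target in present
        entries.append(AutostartEntry(key, name, target, key.lower().endswith("run-"), exists))
    return entries


def suspicious(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries whose target the snapshot does not contain: dead entries, or files the scan cannot see."""
    return [e for e in entries if e.present is False]


# Constructed sample, modelled on the thread's log; the policies key must be ignored.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=c:\program files\Windows Defender\MSASCui.exe -hide
"Conime"=%windir%\system32\conime.exe
"""
SAMPLE_ENV = {"windir": r"c:\windows", "programfiles": r"c:\program files"}
SAMPLE_FILES = [r"C:\Program Files\DellTPad\Apoint.exe",
                r"C:\Program Files\Windows Defender\MSASCui.exe"]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, SAMPLE_ENV, SAMPLE_FILES):
        state = "disabled" if e.disabled else "enabled "
        print(f"{state} {e.name:20} -> {e.target} present={e.present}")
```

On the constructed sample the only entry reported by `suspicious()` is `Conime`, because its expanded target is absent from the snapshot, which matches what the thread's later SystemLook run found. In practice the snapshot would come from a directory listing taken on the machine; a value that is a bare file name (`StartupMonitor.exe`) is reported as unknown rather than missing, since Windows resolves it through PATH at logon.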

#13
gary1210

gary1210

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
log.txt

ComboFix 11-05-21.03 - VMw4r3 22/05/2011 14:58:52.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.353.1033.18.1918.1301 [GMT 1:00]
Running from: c:\users\VMw4r3\Desktop\Combo-Fix.exe
Command switches used :: c:\users\VMw4r3\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-22 14:27 . 2011-05-22 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-22 13:53 . 2011-05-22 13:53 -------- d-----w- c:\program files\ERUNT
2011-05-20 21:14 . 2011-05-20 21:16 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-20 12:37 . 2011-05-20 16:52 -------- d-----w- c:\users\VMw4r3\.JSMS
2011-05-20 12:34 . 2011-05-20 12:35 -------- d-----w- c:\program files\JSMS
2011-05-20 07:16 . 2011-05-20 07:16 -------- d-----w- c:\program files\Speccy
2011-05-20 06:36 . 2010-12-14 13:43 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-20 06:35 . 2011-05-20 06:40 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-05-20 06:34 . 2011-05-20 06:34 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-20 03:28 . 2011-05-20 03:28 -------- d-----w- c:\program files\VirusTotalUploader2
2011-05-19 23:05 . 2011-05-10 07:44 -------- d---a-w- c:\users\VMw4r3\windows-binaries
2011-05-19 20:32 . 2011-05-19 20:32 -------- d-----w- c:\programdata\DeskSoft
2011-05-19 20:29 . 2011-05-19 20:29 28552 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2011-05-19 20:29 . 2011-05-19 20:32 -------- d-----w- c:\program files\BWMeter
2011-05-19 20:29 . 2011-05-19 20:29 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\DeskSoft
2011-05-19 20:07 . 2011-05-20 07:15 -------- d-----w- c:\users\VMw4r3\python271
2011-05-19 17:14 . 2011-05-19 17:14 -------- d-----w- c:\programdata\hssff
2011-05-19 10:04 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-19 10:04 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-19 10:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 00:05 . 2011-05-19 00:06 -------- d-----w- c:\program files\Havij 1.14 Free
2011-05-19 00:05 . 2000-05-21 22:00 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2011-05-18 23:30 . 2011-05-19 00:09 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\Apple Computer
2011-05-18 23:30 . 2011-05-18 23:30 -------- d-----w- c:\users\VMw4r3\AppData\Local\Apple Computer
2011-05-18 23:30 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-18 23:30 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-18 23:28 . 2011-05-18 23:28 -------- d-----w- c:\program files\iPod
2011-05-18 23:28 . 2011-05-18 23:30 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-05-18 23:28 . 2011-05-18 23:30 -------- d-----w- c:\program files\iTunes
2011-05-18 23:25 . 2011-05-18 23:28 -------- d-----w- c:\programdata\Apple Computer
2011-05-18 23:25 . 2011-05-18 23:26 -------- d-----w- c:\program files\QuickTime
2011-05-18 23:25 . 2011-05-18 23:25 -------- d-----w- c:\users\VMw4r3\AppData\Local\Apple
2011-05-18 23:25 . 2011-05-18 23:25 -------- d-----w- c:\program files\Apple Software Update
2011-05-18 23:24 . 2011-05-18 23:24 -------- d-----w- c:\program files\Bonjour
2011-05-18 23:24 . 2011-05-18 23:28 -------- d-----w- c:\program files\Common Files\Apple
2011-05-18 23:24 . 2011-05-18 23:25 -------- d-----w- c:\programdata\Apple
2011-05-18 23:10 . 2011-05-18 23:11 -------- d-----w- c:\program files\Hotspot Shield
2011-05-13 22:00 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-05-13 21:59 . 2011-05-13 21:59 -------- d-----w- C:\Games
2011-05-12 13:39 . 2011-05-12 13:39 -------- d-----w- c:\programdata\vsosdk
2011-05-12 12:49 . 2011-05-12 12:52 -------- d-----w- c:\program files\DVDFab 8 Qt
2011-05-07 18:32 . 2011-05-07 18:32 -------- d-----w- c:\users\VMw4r3\AppData\Local\FlyOrDie
2011-05-07 18:05 . 2011-05-07 18:05 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\SpinTop
2011-05-07 00:19 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 20:03 . 2011-05-04 18:54 -------- d-----w- c:\users\VMw4r3\AppData\Local\Mozilla Firefox
2011-04-28 18:41 . 2011-04-28 18:42 -------- d-----w- c:\users\VMw4r3\AppData\Local\Tific
2011-04-28 18:41 . 2011-04-28 18:41 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\Tific
2011-04-28 18:41 . 2011-05-20 03:44 -------- d-----w- c:\programdata\Norton
2011-04-26 02:29 . 2011-05-20 17:52 -------- d-----w- c:\users\VMw4r3\AppData\Roaming\Paltalk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-07-01 20:22 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-04-16 13:16 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-04-16 13:17 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-04-16 13:17 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-04-16 13:17 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-04-16 13:17 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-04-16 13:17 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 23:18 . 2011-04-14 23:18 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2011-04-13 16:05 . 2011-04-13 16:05 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-11 05:33 . 2011-04-15 13:31 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 13:31 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:28 . 2011-04-15 13:31 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-07 05:33 . 2011-04-15 13:23 981504 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 03:52 . 2011-04-15 13:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-03 05:38 . 2011-04-15 13:32 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36 . 2011-04-15 13:32 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42 . 2011-04-15 13:33 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 20:16 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-24 05:38 . 2011-04-15 13:33 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 04:48 . 2011-04-15 13:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:48 . 2011-04-15 13:33 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:47 . 2011-04-15 13:33 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:47 . 2011-04-15 13:31 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:47 . 2011-04-15 13:31 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:47 . 2011-04-15 13:31 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:47 . 2011-04-15 13:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2005-02-16 225280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
.
c:\users\VMw4r3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-4-14 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=c:\program files\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MobileConnect"=%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Conime"=%windir%\system32\conime.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 136176]
R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2011-05-19 28552]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-02-17 112128]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\DRIVERS\tap0801co.sys [2006-08-31 25856]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 uti2mjiw;AVZ Kernel Driver;c:\windows\system32\Drivers\uti2mjiw.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-11 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 BWMeterConSvc;BWMeter Connections Service;c:\program files\BWMeter\BWMeterConSvc.exe [2011-05-19 62464]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-04-15 289096]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-04-14 328952]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [2010-09-30 361904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [2011-05-19 28552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:52]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=100000018&l=dis&gct=hp
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\VMw4r3\AppData\Roaming\Mozilla\Firefox\Profiles\yhqg1pod.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: network.proxy.http - menloventures.com
FF - prefs.js: network.proxy.http_port - 6543
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,83,de,c3,34,72,f3,4b,9d,d6,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,83,de,c3,34,72,f3,4b,9d,d6,8d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-22 15:54:53
ComboFix-quarantined-files.txt 2011-05-22 14:54
ComboFix2.txt 2011-05-22 11:49
.
Pre-Run: 29,304,094,720 bytes free
Post-Run: 29,110,779,904 bytes free
.
- - End Of File - - A6F44F5004EAEE2270B53B0AFCF5DD28

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do this:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
    :filefind
    *conime*
    
    :regfind
    *conime*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
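The same two lookups the helper asks SystemLook for (a file-name search and a registry search for `*conime*`), as an added example written with built-in PowerShell; this is not code from the thread or from SystemLook. It assumes PowerShell 3.0 or later in an elevated prompt, and the set of folders and autostart keys it searches is my own choice, not SystemLook's.

```powershell
# Added example, not code from the thread or from SystemLook.
# Assumes PowerShell 3.0+ (for -File) and an elevated prompt so HKLM and
# protected folders are readable.
$Pattern = '*conime*'

# filefind: any file whose name contains "conime" under the usual roots
# (assumed set of roots; adjust for your layout)
$Roots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)},
           $env:ProgramData, $env:USERPROFILE) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$Files = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -Filter $Pattern -ErrorAction SilentlyContinue
}
if ($Files) { $Files | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize }
else        { "filefind: no files matching $Pattern" }

# regfind: autostart keys whose value name or value data mentions "conime".
# An entry that points at a file the search above could not find is the
# one worth following up, which is the situation the thread describes.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$Hits = foreach ($key in $AutostartKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath etc. that Get-ItemProperty adds
        if ($p.Name -like $Pattern -or "$($p.Value)" -like $Pattern) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = "$($p.Value)" }
        }
    }
}
if ($Hits) { $Hits | Format-Table -AutoSize -Wrap }
else       { "regfind: no autostart entries matching $Pattern" }
```

A hit in the registry section with no matching file on disk is the case to report back, since that is the dangling startup entry the thread is chasing.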

#15
gary1210

    Member

  • Topic Starter
  • Member
  • 28 posts
systemlook.txt

SystemLook 04.09.10 by jpshortstuff
Log created at 19:07 on 22/05/2011 by VMw4r3
Administrator - Elevation successful

========== filefind ==========

Searching for "*conime*"
No files found.

========== regfind ==========

Searching for "*conime*"
No data found.

-= EOF =-