Possible TDL3 Rootkit


  • This topic is locked

#1
fleggy1

  • Member
  • 52 posts
I have a possible TDL3 rootkit. I think it's hidden itself in my HDD drivers because I can't find them in Device Manager or Disk Management.

I have run Malwarebytes and cleared all of the problems and run CCleaner. I have tried to use ComboFix, but it gets to task 50 and when it's finished I get a BSoD saying bad pool header every time.

Can anyone help please?

thank you

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, fleggy1! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

Please do the following:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log


#3
fleggy1

  • Topic Starter
  • Member
  • 52 posts
MBR LOG
aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-29 12:46:27
-----------------------------
12:46:27.937 OS Version: Windows 5.1.2600 Service Pack 3
12:46:27.937 Number of processors: 1 586 0x209
12:46:27.937 ComputerName: CHRIS-COMPUTER UserName: my comp
12:46:34.531 Initialize success
12:46:50.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:46:50.000 Disk 0 Vendor: WDC_WD800AB-00CBA1 04.07B04 Size: 76319MB BusType: 3
12:46:50.000 Device \Driver\atapi -> DriverStartIo 8a4b453b
12:46:50.000 Disk 0 MBR read error 0
12:46:50.000 Disk 0 MBR scan
12:46:50.000 Disk 0 unknown MBR code
12:46:50.000 MBR BIOS signature not found 0
12:46:50.000 Disk 0 scanning sectors +156296385
12:46:50.015 Disk 0 scanning C:\WINDOWS\system32\drivers
12:47:00.015 Service scanning
12:47:01.593 Disk 0 trace - called modules:
12:47:01.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a4b46f0]<<
12:47:01.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a60aab8]
12:47:01.593 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a543f18]
12:47:01.609 5 ACPI.sys[f7495620] -> nt!IofCallDriver -> [0x8a60d940]
12:47:01.609 \Driver\atapi[0x8a60b328] -> IRP_MJ_CREATE -> 0x8a4b46f0
12:47:10.625 Unsigned kernel modules:
12:47:10.625 0xf74d5000 sppl.sys
12:47:17.890 0xba61b000 C:\WINDOWS\system32\drivers\vidstub.sys
12:47:30.703 0xb84db000 C:\WINDOWS\system32\DRIVERS\VClone.sys
12:47:37.187 0xf77c7000 C:\WINDOWS\System32\Drivers\StarOpen.SYS
12:47:37.515 0xba15b000 C:\WINDOWS\system32\drivers\oreans32.sys
12:47:43.828 0xa8bdf000 C:\WINDOWS\system32\FsUsbExDisk.SYS
12:47:44.171 Scan finished successfully
12:48:19.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\my comp\Desktop\MBR.dat"
12:48:19.109 The log file has been saved successfully to "C:\Documents and Settings\my comp\Desktop\aswMBR.txt"

#4
fleggy1

  • Topic Starter
  • Member
  • 52 posts
I can't post the OTL log. I keep getting connection lost on IE and Firefox.

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please try to attach OTL.txt file and also this file:

  • On your desktop should be a file MBR.dat.
  • Please rename that file from MBR.dat to MBR.txt and attach it in your next reply.

How to add an attachment to a new topic or reply

#6
fleggy1

  • Topic Starter
  • Member
  • 52 posts
Both attached :)

OTL logfile created on: 29/05/2011 12:50:11 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\my comp\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 40.99% Memory free
3.60 Gb Paging File | 2.87 Gb Available in Paging File | 79.76% Paging File free
Paging file location(s): C:\pagefile.sys 2302 2302 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 17.48 Gb Free Space | 23.45% Space Free | Partition Type: NTFS

Computer Name: CHRIS-COMPUTER | User Name: my comp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 00:41:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\my comp\Desktop\OTL.exe
PRC - [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\Nvidia Corporation\System Update\UpdateCenterService.exe
PRC - [2009/09/10 18:14:18 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/01/09 04:15:22 | 000,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 09:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2007/12/21 09:21:06 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/25 23:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\V5\KMProcess.exe
PRC - [2007/09/17 22:51:14 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\V5\KMConfig.exe
PRC - [2007/08/18 18:17:34 | 000,020,480 | ---- | M] (BackWeb Technologies Inc. ) -- C:\Documents and Settings\my comp\Local Settings\Temp\bwgo0000f915.exe
PRC - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/05/29 16:40:48 | 000,360,096 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2007/03/06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe
PRC - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/11/23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/01/10 10:35:16 | 000,073,728 | ---- | M] (Computer Associates International) -- C:\Program Files\PestPatrol\CookiePatrol.exe
PRC - [2004/11/15 12:49:54 | 000,098,304 | ---- | M] (Computer Associates International) -- C:\Program Files\PestPatrol\PPControl.exe
PRC - [2004/04/02 15:11:54 | 000,148,480 | ---- | M] () -- C:\Program Files\PestPatrol\PPMemCheck.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 00:41:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\my comp\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NBService)
SRV - File not found [Disabled | Stopped] -- -- (CA Personal Firewall ASEM)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AcrSch2Svc)
SRV - [2011/05/15 21:02:01 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/09/10 18:14:18 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/01/23 19:52:31 | 000,603,904 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/01/09 04:15:22 | 000,419,448 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe -- (a2free)
SRV - [2008/10/16 19:22:20 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/21 09:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/12/21 09:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/05/29 16:40:48 | 000,360,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2002/07/17 03:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2009/08/31 10:23:28 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/06/21 15:18:18 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009/06/08 15:11:38 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/18 17:31:21 | 000,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009/04/23 11:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/03/18 12:34:44 | 001,512,960 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/14 01:11:57 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/21 09:21:56 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007/12/21 09:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007/12/21 09:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/17 07:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 15:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 15:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 15:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/03/15 20:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/29 18:18:10 | 000,167,566 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kUSB.sys -- (Ch2kUSB)
DRV - [2006/04/28 09:59:10 | 000,072,149 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kUSBm.sys -- (Ch2kUSBM)
DRV - [2006/03/13 17:50:08 | 000,085,696 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300obex.sys -- (w300obex)
DRV - [2006/03/13 17:50:06 | 000,087,824 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM)
DRV - [2006/03/13 17:50:02 | 000,096,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm)
DRV - [2006/03/13 17:50:00 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl)
DRV - [2006/03/13 17:49:54 | 000,060,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2006/02/13 16:21:08 | 000,053,205 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kPS2M.sys -- (Ch2kPS2M) Cherry PS/2 Mouse Driver (CDI)
DRV - [2005/10/26 14:48:46 | 000,134,446 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kPS2.sys -- (Ch2kPS2) Cherry PS/2 Keyboard Driver (CDI)
DRV - [2004/08/03 23:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/04/14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/14 05:09:20 | 000,244,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/06/29 07:05:00 | 000,654,508 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/04/11 21:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2002/02/13 19:27:30 | 000,166,419 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/02/13 19:26:54 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/02/13 19:20:46 | 000,594,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2001/08/09 19:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.2


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/07/17 22:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Extensions
[2011/01/18 09:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions
[2009/08/03 03:07:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 01:41:18 | 000,000,000 | ---D | M] (In The Dark) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2010/11/09 23:06:20 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\[email protected]
[2010/02/08 01:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2009/12/22 10:48:02 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\searchplugins\fast-browser-search.xml
[2011/04/29 17:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/04/14 18:41:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/12 03:46:32 | 000,412,340 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14250 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1762929963-343237184-427782826-1012\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [CookiePatrol] c:\Program Files\PestPatrol\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [KMConfig] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PestPatrol Control Center] c:\Program Files\PestPatrol\PPControl.exe (Computer Associates International)
O4 - HKLM..\Run: [PPMemCheck] c:\Program Files\PestPatrol\PPMemCheck.exe ()
O4 - HKU\S-1-5-21-1762929963-343237184-427782826-1012..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/o...utodetectNT.cab (SiS_OCX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyy...nt/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by123fd.bay12...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1222901820750 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1168702453640 (MUWebControl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://sun.jerseyins...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} http://www.blogtv.co...ct/launcher.cab (LauncherV1 Class)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zon...ss.cab57176.cab (ZoneChess Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\my comp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\my comp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/22 02:11:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70663829905735680)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 12:46:08 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Documents and Settings\my comp\Desktop\aswMBR.exe
[2011/05/29 12:14:53 | 004,296,757 | R--- | C] (Swearware) -- C:\Documents and Settings\my comp\Desktop\ComboFix.exe
[2011/05/29 12:14:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\my comp\Desktop\OTL.exe
[2011/05/28 20:26:38 | 000,000,000 | ---D | C] -- C:\cmdcons
[2011/05/28 20:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/27 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/27 08:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/27 08:53:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/27 08:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/27 08:53:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 08:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/27 00:43:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\my comp\Recent
[2011/05/27 00:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/27 00:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/26 20:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Application Data\Malwarebytes
[2011/05/26 20:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/26 19:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Local Settings\Application Data\{FD2EB270-36FB-422B-9974-217F10A38EE3}
[2011/05/26 00:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Start Menu\Programs\FrostWire
[2011/05/19 20:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Local Settings\Application Data\Nem's Tools
[2011/05/19 20:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2011/05/19 20:26:12 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/16 13:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Application Data\Colibri Games
[2011/05/16 13:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2011/05/15 20:52:01 | 000,000,000 | ---D | C] -- C:\srcds
[2011/05/14 11:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Start Menu\Programs\Notepad++
[2011/05/14 11:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/05/14 11:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Application Data\Notepad++
[2011/05/09 23:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/09 23:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/09 23:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/09 23:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/09 00:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\my comp\Desktop\emmas music
[2011/04/29 15:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/29 15:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexon
[2009/01/08 05:04:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\my comp\Application Data\pcouffin.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 12:49:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/29 12:48:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\MBR.dat
[2011/05/29 12:45:35 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Documents and Settings\my comp\Desktop\aswMBR.exe
[2011/05/29 12:14:15 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/29 12:03:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 11:51:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/29 11:49:17 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 11:48:13 | 000,131,554 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/29 11:48:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/29 11:48:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 11:47:47 | 1610,178,560 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/29 02:57:49 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC28CB49-F5E1-4C7A-A639-4E1026F831E0}.job
[2011/05/29 00:41:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\my comp\Desktop\OTL.exe
[2011/05/28 20:27:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/28 20:20:09 | 004,296,757 | R--- | M] (Swearware) -- C:\Documents and Settings\my comp\Desktop\ComboFix.exe
[2011/05/28 02:48:28 | 718,583,808 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\ubuntu-11.04-desktop-i386.iso
[2011/05/27 15:47:37 | 000,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/27 08:53:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 00:11:32 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\8co2026h52561rmjhc53q5ekq
[2011/05/27 00:11:32 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8co2026h52561rmjhc53q5ekq
[2011/05/27 00:11:01 | 000,013,820 | -HS- | M] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\1870965144
[2011/05/27 00:11:01 | 000,013,820 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\170006995
[2011/05/27 00:11:01 | 000,013,812 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1870965144
[2011/05/27 00:11:01 | 000,013,812 | -HS- | M] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\170006995
[2011/05/26 20:40:13 | 000,065,787 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\vffrtg
[2011/05/26 19:36:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tqikafaze.dat
[2011/05/26 19:36:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hsaqebufisawanu.bin
[2011/05/26 00:51:12 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\my comp\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/05/26 00:51:11 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\FrostWire 4.21.7.lnk
[2011/05/23 23:31:49 | 000,024,490 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\Picture0025.jpg
[2011/05/23 23:27:11 | 000,031,622 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\Picture0081.jpg
[2011/05/23 23:23:27 | 000,024,018 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\Picture0062.jpg
[2011/05/20 22:28:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 20:33:08 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\GCFScape.lnk
[2011/05/19 20:26:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/17 01:12:38 | 000,059,767 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\DUCK!!.jpg
[2011/05/16 22:35:47 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\StartServer.bat
[2011/05/16 08:59:32 | 000,096,208 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\speed2.JPG
[2011/05/16 08:59:12 | 000,100,205 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\speed.JPG
[2011/05/16 00:39:24 | 000,002,962 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\server.cfg
[2011/05/15 20:53:00 | 000,001,066 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\server_dowmload.bat
[2011/05/14 11:00:37 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\Notepad++.lnk
[2011/05/13 16:24:04 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/12 16:51:39 | 000,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2011/05/09 23:30:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/09 23:10:38 | 000,119,882 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\Image.jpg
[2011/05/06 18:10:16 | 000,000,609 | ---- | M] () -- C:\WINDOWS\System\Cmicnfg3.ini
[2011/05/01 23:44:22 | 000,000,700 | ---- | M] () -- C:\WINDOWS\setup.ini
[2011/05/01 23:44:21 | 000,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2011/05/01 23:44:21 | 000,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2011/04/29 17:11:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\my comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 17:11:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/29 15:38:10 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Combat Arms EU.lnk
[2011/04/29 14:00:14 | 000,000,023 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 12:48:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\MBR.dat
[2011/05/28 20:26:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/28 20:26:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/27 19:10:25 | 718,583,808 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\ubuntu-11.04-desktop-i386.iso
[2011/05/27 08:53:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 23:21:17 | 000,013,820 | -HS- | C] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\1870965144
[2011/05/26 23:20:58 | 000,013,812 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1870965144
[2011/05/26 23:20:58 | 000,013,812 | -HS- | C] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\170006995
[2011/05/26 23:19:54 | 000,013,820 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\170006995
[2011/05/26 23:19:54 | 000,013,816 | -HS- | C] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\8co2026h52561rmjhc53q5ekq
[2011/05/26 23:19:49 | 000,015,170 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\8co2026h52561rmjhc53q5ekq
[2011/05/26 23:19:49 | 000,013,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8co2026h52561rmjhc53q5ekq
[2011/05/26 20:40:09 | 000,065,787 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\vffrtg
[2011/05/26 19:36:53 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tqikafaze.dat
[2011/05/26 19:36:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hsaqebufisawanu.bin
[2011/05/26 00:51:12 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/05/26 00:51:11 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\FrostWire 4.21.7.lnk
[2011/05/23 23:31:48 | 000,024,490 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\Picture0025.jpg
[2011/05/23 23:27:10 | 000,031,622 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\Picture0081.jpg
[2011/05/23 23:23:27 | 000,024,018 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\Picture0062.jpg
[2011/05/19 20:33:08 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\GCFScape.lnk
[2011/05/17 01:12:32 | 000,059,767 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\DUCK!!.jpg
[2011/05/16 08:59:32 | 000,096,208 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\speed2.JPG
[2011/05/16 08:59:12 | 000,100,205 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\speed.JPG
[2011/05/16 00:53:37 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\StartServer.bat
[2011/05/16 00:39:24 | 000,002,962 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\server.cfg
[2011/05/15 20:39:42 | 000,001,066 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\server_dowmload.bat
[2011/05/14 11:00:37 | 000,000,492 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\Notepad++.lnk
[2011/05/09 23:30:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/07 22:17:40 | 000,119,882 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\Image.jpg
[2011/05/01 23:44:22 | 000,000,700 | ---- | C] () -- C:\WINDOWS\setup.ini
[2011/04/29 17:11:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 17:11:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 17:11:25 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/29 15:38:10 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Combat Arms EU.lnk
[2011/04/29 12:59:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/26 23:43:49 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\RSBot_Accounts.ini
[2010/11/07 02:01:10 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2010/11/07 01:59:17 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/08/07 11:29:03 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/15 00:30:17 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\RSBot Accounts.ini
[2009/12/30 18:41:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/30 18:41:41 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/12/30 18:40:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\$_hpcst$.hpc
[2009/09/13 23:47:34 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\setup_ldm.iss
[2009/08/21 17:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 21:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe
[2009/07/08 00:55:12 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/06/21 15:18:18 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/06/11 15:29:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/05/06 23:13:49 | 000,005,469 | ---- | C] () -- C:\WINDOWS\TSCTVDIV.INI
[2009/05/06 23:13:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GRAPPLER.INI
[2009/05/06 23:13:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TSCFM.INI
[2009/05/06 22:53:55 | 000,000,351 | ---- | C] () -- C:\WINDOWS\TSCTVFM.INI
[2009/05/06 22:53:55 | 000,000,234 | ---- | C] () -- C:\WINDOWS\TSCTV.INI
[2009/05/06 22:53:55 | 000,000,058 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI
[2009/03/02 02:07:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\mshearts.exe
[2009/03/02 02:07:38 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\winmine.exe
[2009/03/02 02:07:38 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\sol.exe
[2009/03/02 02:07:37 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\freecell.exe
[2009/02/07 21:19:10 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/02/04 02:00:51 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\EpfwUser.dat
[2009/02/03 22:08:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\TSCTVDIV.BIN
[2009/01/18 20:12:43 | 000,300,032 | ---- | C] () -- C:\WINDOWS\unin0411.exe
[2009/01/08 05:04:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\inst.exe
[2009/01/08 05:04:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\pcouffin.cat
[2009/01/08 05:04:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\pcouffin.inf
[2008/11/28 01:21:29 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\SamsungLiveUpdateConfig.ini
[2008/11/11 22:08:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/11/09 11:37:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/04 17:27:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/02 14:13:37 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/02 14:07:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/22 00:16:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/10/20 01:25:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2008/10/08 00:07:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/10/02 22:31:08 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\fusioncache.dat
[2008/10/02 21:41:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/10/02 19:41:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/10/02 19:41:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008/10/02 18:59:53 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/02 00:49:10 | 000,538,624 | ---- | C] () -- C:\WINDOWS\System32\spider.exe
[2008/08/26 01:32:19 | 000,035,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/08/17 11:56:19 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/08/06 09:53:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/19 15:01:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/07/19 14:45:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/07/18 21:07:39 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008/07/17 16:16:56 | 000,360,096 | ---- | C] () -- C:\WINDOWS\System32\atwtusb.exe
[2008/07/17 16:16:48 | 000,048,800 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe
[2008/07/17 16:16:46 | 001,969,824 | ---- | C] () -- C:\WINDOWS\System32\WTMKM.exe
[2008/07/17 16:16:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2008/07/17 16:16:45 | 000,102,048 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2008/07/17 16:16:39 | 000,007,341 | ---- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2008/07/17 16:16:38 | 000,007,633 | ---- | C] () -- C:\WINDOWS\System32\Vista.ini
[2008/07/17 16:16:37 | 000,013,951 | ---- | C] () -- C:\WINDOWS\System32\Photoshop Elements.ini
[2008/07/17 16:16:35 | 000,010,361 | ---- | C] () -- C:\WINDOWS\System32\PhotoImpact XL SE.ini
[2008/07/17 16:16:34 | 000,000,574 | ---- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2008/07/17 16:16:32 | 000,006,386 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2008/07/01 21:25:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/06/28 22:07:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\iRODUninstall.exe
[2008/06/28 21:32:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\SkycarUninstall.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/04 18:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2008/04/05 20:50:59 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/05 20:31:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008/03/30 13:39:15 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/30 13:37:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/04 19:34:25 | 000,000,360 | ---- | C] () -- C:\WINDOWS\STORMWIN.INI
[2008/03/04 19:34:08 | 000,006,464 | ---- | C] () -- C:\WINDOWS\MOVEXE.EXE
[2008/03/04 19:28:03 | 000,002,170 | ---- | C] () -- C:\WINDOWS\System32\drivers\ionex.sys
[2008/02/25 13:26:03 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\WavCodec.wff
[2008/02/17 01:47:44 | 000,000,147 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/02/07 12:08:29 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/09 08:23:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/09 08:23:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/01/09 08:23:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/09 08:23:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/01/09 08:23:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/09 08:23:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/09 08:23:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/01/09 08:23:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/01/09 08:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvwrseng.dll
[2008/01/09 08:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/12/21 09:21:56 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/12/13 22:07:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/12/13 22:07:25 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\PnkBstrK.sys
[2007/12/13 22:07:09 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/12/13 22:07:07 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/12/01 00:17:46 | 000,150,528 | ---- | C] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 14:04:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/28 19:14:59 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/08/28 19:11:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2007/08/27 15:19:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/08/27 15:16:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/20 22:20:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007/08/18 16:59:49 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2007/08/18 16:58:01 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2007/08/18 16:47:19 | 000,001,336 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/08/17 22:59:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/08/17 22:59:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/12 17:27:05 | 000,000,039 | ---- | C] () -- C:\WINDOWS\ideq32.ini
[2007/08/11 21:17:55 | 000,000,736 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
[2007/07/18 16:46:58 | 000,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2007/06/06 19:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/05/31 20:07:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/05/29 16:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/01/19 15:55:17 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2007/01/14 01:22:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/01/14 01:18:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/13 14:53:32 | 000,001,945 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/01/11 18:33:59 | 000,002,402 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\rasmontr.dll
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\rasrad.dll
[2004/08/04 13:00:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\rasmxs.dll
[2004/08/04 13:00:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\expand.exe
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/29 15:47:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2004/04/23 22:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/03/22 08:53:32 | 000,001,490 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/22 08:53:05 | 000,536,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/22 08:53:05 | 000,100,666 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/22 08:53:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/22 03:16:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/22 03:13:17 | 000,000,455 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/03/22 02:32:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/03/22 02:32:41 | 000,000,491 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2003/03/22 02:26:19 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/03/22 02:25:48 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/03/22 02:25:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/03/22 02:14:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/03/22 02:07:22 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/03/22 01:59:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/22 01:58:05 | 003,612,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/02/19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2003/03/22 02:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2008/09/04 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailFrontier
[2010/03/08 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2009/04/12 10:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2009/01/08 03:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/04/10 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/07/06 23:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/05/16 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/10/08 00:00:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/16 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2009/06/08 17:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/05 15:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/07/08 01:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/08/07 11:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/11/04 02:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/08/16 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/12/21 21:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/02/24 18:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/04/29 15:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2008/12/20 00:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2010/07/11 19:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2008/02/17 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/30 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/07 02:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/10/29 10:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/10/08 00:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/08/21 23:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2008/08/05 00:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/09/10 23:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2011/02/07 03:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/07 01:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/05/01 10:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/17 20:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/11/24 11:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/15 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/23 19:47:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/04/23 01:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/09 23:49:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2003/03/22 02:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2010/03/10 00:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/04/21 10:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\.minecraft
[2009/04/11 00:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Acronis
[2008/08/10 13:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Atari
[2011/05/26 19:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Azureus
[2010/02/13 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Canon
[2011/05/16 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Colibri Games
[2009/08/30 12:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\com.adobe.ExMan
[2010/03/20 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/13 01:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Crayon Physics Deluxe
[2009/06/08 17:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\DAEMON Tools Lite
[2009/06/08 17:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\DAEMON Tools Pro
[2009/02/17 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Deckadance
[2009/10/05 15:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\ESET
[2010/04/03 16:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Facebook
[2011/05/26 00:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\FrostWire
[2009/10/29 00:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\gtk-2.0
[2003/03/22 02:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\InterTrust
[2008/07/18 02:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\KlipFolio
[2008/07/01 21:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Leadertech
[2009/07/13 01:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\ManyCam
[2008/10/12 11:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\MarmaladeCvs
[2008/03/14 15:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\NCH Swift Sound
[2011/05/14 11:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Notepad++
[2009/12/30 18:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\PC Suite
[2009/10/07 02:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Propellerhead Software
[2009/12/30 18:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Samsung
[2008/10/08 00:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\ScanSoft
[2009/07/17 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Sony
[2009/07/25 02:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\SoundSpectrum
[2008/11/10 18:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\SPORE
[2011/05/14 02:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Spotify
[2009/09/08 21:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Subversion
[2010/11/01 14:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\SystemRequirementsLab
[2010/07/11 19:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Tatara Systems
[2008/12/23 02:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\TeamViewer
[2008/06/18 00:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Teleca
[2007/12/21 01:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Template
[2009/01/23 19:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\TuneUp Software
[2009/05/24 10:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Valusoft
[2007/11/26 19:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Viewpoint
[2010/05/01 10:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Vso
[2008/10/02 09:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Windows Desktop Search
[2008/10/02 09:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Windows Search
[2008/07/17 18:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Xilisoft Corporation
[2011/05/29 11:51:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/29 02:57:49 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC28CB49-F5E1-4C7A-A639-4E1026F831E0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F

< End of report >

Attached Files

  • Attached File  OTL.Txt   159.11KB   102 downloads
  • Attached File  MBR.txt   512bytes   197 downloads


#7
Render

Now please do the following:

Step 1

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    [2011/05/27 00:11:32 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\8co2026h52561rmjhc53q5ekq
    [2011/05/27 00:11:32 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8co2026h52561rmjhc53q5ekq
    [2011/05/27 00:11:01 | 000,013,820 | -HS- | M] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\1870965144
    [2011/05/27 00:11:01 | 000,013,820 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\170006995
    [2011/05/27 00:11:01 | 000,013,812 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1870965144
    [2011/05/27 00:11:01 | 000,013,812 | -HS- | M] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\170006995
    [2011/05/26 19:36:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tqikafaze.dat
    [2011/05/26 19:36:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hsaqebufisawanu.bin
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Run OTL again and click on the Quick scan button.
Then post a fresh OTL.txt log.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix
  • TDSSKiller log
  • OTL scan log


#8
fleggy1

It was a TDL4 rootkit and the files are attached.


#9
fleggy1

Is my system good to go now?

#10
Render

Hi,

No, not yet. Please follow the steps below:

Are you aware of that folder on your desktop: C:\Documents and Settings\my comp\Desktop\vffrtg ?

Step 1

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    [2011/05/26 23:19:49 | 000,015,170 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\8co2026h52561rmjhc53q5ekq
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Please uninstall Hitman Pro for now. You can reinstall it if you wish after I give you the all clean.

Step 3

  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

When you have completed the above, please post back the following in the order asked for:
  • Fresh aswMBR log



#11
fleggy1

Yeah, I am aware of it; it's actually an image but without the .jpg extension. Hitman Pro is uninstalled, and I'm just about to run OTL and MBR.

#12
fleggy1

I ran the OTL fix but it's just stuck on "processing complete". Shall I manually restart my computer?

#13
Render

Yes. Then run aswMBR scan please.

#14
fleggy1

Both done.


#15
Render

OK. Do the following:

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
  • On the first tab select all elements down to Computer (included) and then select start scan
  • Once it has finished select report and post that.


Do not close AVPTool or it will self-uninstall. If it does uninstall, then just rerun the setup file on your desktop.

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post.
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


How to add an attachment to a new topic or reply