Cannot run virus scans or OTL


  • This topic is locked

#31
nycmon

    Member

  • Topic Starter
  • 29 posts
Hi,
Thank you for the advice regarding p2p programs. I have always been careful regarding download of copyrighted files.
I scan every file downloaded before opening them as well.
I would appreciate any alternate solutions besides reformatting, as my computer is a bit old and I can no longer find my Windows CD. I also have too many files to back up and no means to do so. Please advise.
Thank you!
  • 0


#32
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Alright, it's your PC so it's your choice.

When we scanned the two files using Jotti and VirSCAN, 2 scanners reported them as malware. This result can be legitimate or a false positive, but to be on the safe side I will advise you to uninstall the following programs. I also can't find a clear description of them:

v_239_ss1 ?????????
v_269_ss1 ?????????
v_269_ss2 ?????????
v_273_ss1 ?????????
v_273_ss2 ?????????
v_287_ss1 Screensaver
v_287_ss2 Screensaver
v_294_ss1 Screensaver
v_294_ss2 Screensaver
v_310_ss1 Screensaver
v_310_ss2 Screensaver
v_322_ss1 Screensaver
v_322_ss2 Screensaver
v_360_ss1 Screensaver
v_360_ss2 Screensaver



Also, the following programs were installed on your computer. Can you tell me what they are?

WPB1003_ŽÑˆ»1 ?????????
WPB1003_ŽÑˆ»2 ?????????
WPB1003_ŽÑˆ»3 ?????????
WPB810_3 ?????????
WPB810_ŽÑˆ»1 ?????????
WPB810_ŽÑˆ»2 ?????????



========================

1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :Files
    C:\Documents and Settings\Compaq_Owner\My Documents\SUPERsetup.exe 
    C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\SUPERsetup.exe 
    C:\MGtools\Process.exe 
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 
    C:\Program Files\iPod\bin\iPodService.exe 
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 
    C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe 
    C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe 
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe 
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


2. Run OTL.
  • Click the None button at the top (Between "Run fix" and "Clean up" button).
  • Copy and Paste the following code into the Custom Scan box.

    /md5start
    netbt.sys
    /md5stop
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

  • 0

#33
nycmon

    Member

  • Topic Starter
  • 29 posts
Hi,

Once again thank you for taking the time out of your own personal schedule to help me!
Those v_ and WPB files were all screensavers I installed. I can remove them if you think they are suspicious.
They have those ???? in the name because they were in Japanese, I think.
  • 0

#34
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please remove them as well, proceed with OTL fix and OTL custom scan please.
  • 0

#35
nycmon

    Member

  • Topic Starter
  • 29 posts
I have removed all those screensavers and deleted any trace of them from the Windows folder.
However, while I was looking in the Windows folder I noticed meta4.exe and MOTA113.exe were still there... I have already uninstalled SUPER. Should these files still be here?
I see that Spybot S&D files were removed during the custom fix, and S&D is showing that services are unavailable. Does it need to be reinstalled? Same for iTunes?
Thank you!

1)OTL custom fix log:

All processes killed
========== FILES ==========
C:\Documents and Settings\Compaq_Owner\My Documents\SUPERsetup.exe moved successfully.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\SUPERsetup.exe moved successfully.
C:\MGtools\Process.exe moved successfully.
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe moved successfully.
C:\Program Files\iPod\bin\iPodService.exe moved successfully.
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe moved successfully.
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe moved successfully.
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe moved successfully.
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe moved successfully.
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.FAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 6302137 bytes
->Temporary Internet Files folder emptied: 5323534 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16678459 bytes
->Google Chrome cache emptied: 7665406 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 343 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08032011_085606

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


2)OTL custom scan log:


OTL logfile created on: 8/3/2011 9:07:10 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 71.23% Memory free
3.74 Gb Paging File | 3.30 Gb Available in Paging File | 88.23% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.52 Gb Total Space | 7.93 Gb Free Space | 5.56% Space Free | Partition Type: NTFS
Drive D: | 6.52 Gb Total Space | 0.33 Gb Free Space | 5.12% Space Free | Partition Type: NTFS
Drive F: | 279.47 Gb Total Space | 2.82 Gb Free Space | 1.01% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< >


< MD5 for: NETBT.SYS >
[2004/08/04 01:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] () MD5=97FE4A6C3BACD6BA52B6543B49F8EE4C -- C:\WINDOWS\system32\drivers\netbt.sys

< End of report >

Edited by nycmon, 03 August 2011 - 07:26 AM.

  • 0

#36
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts

However, while I was looking in the Windows folder I noticed meta4.exe and MOTA113.exe were still there

Delete them please.

see that spybot s&d files were removed during the custom fix, and S&D is showing that services are unavailable. Does it need to be reinstalled? Same for Itunes?

Yes, we removed them because they are infected, let's fix them later.


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :Files
    C:\WINDOWS\system32\drivers\netbt.sys|C:\WINDOWS\system32\dllcache\netbt.sys /replace
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



2. Run OTL.
  • Click the None button at the top (Between "Run fix" and "Clean up" button).
  • Copy and Paste the following code into the Custom Scan box.

    /md5start
    netbt.sys
    /md5stop
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

  • 0

#37
nycmon

    Member

  • Topic Starter
  • 29 posts
Hi,

meta4 and MOTA113 were deleted.

OTL fix log:


========== FILES ==========
File C:\WINDOWS\system32\drivers\netbt.sys successfully replaced with C:\WINDOWS\system32\dllcache\netbt.sys

OTL by OldTimer - Version 3.2.26.1 log created on 08032011_101152
  • 0

#38
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
We need to see the OTL custom scan (step #2) so we can compare it with the previous one, post it when ready.
  • 0

#39
nycmon

    Member

  • Topic Starter
  • 29 posts
Hi,

Sorry, I was in the process when I received a phone call :)
Here is the OTL scan:

OTL logfile created on: 8/3/2011 10:14:48 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 66.27% Memory free
3.74 Gb Paging File | 3.22 Gb Available in Paging File | 86.12% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.52 Gb Total Space | 9.85 Gb Free Space | 6.91% Space Free | Partition Type: NTFS
Drive D: | 6.52 Gb Total Space | 0.33 Gb Free Space | 5.12% Space Free | Partition Type: NTFS
Drive F: | 279.47 Gb Total Space | 2.82 Gb Free Space | 1.01% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: NETBT.SYS >
[2004/08/04 01:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< End of report >

Thank you!
  • 0
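
Added example, not part of the thread and not OTL's own code: a Python parser for the `< MD5 for: ... >` section that performs the comparison requested in post #38, flagging the in-use driver copy when its MD5 differs from the dllcache and ServicePackFiles copies or when it carries no company name. The function names and the directory-role classification are assumptions made for this example; the sample lines are the netbt.sys entries posted in Run 3 and Run 4.

```python
import re
from collections import namedtuple

# One entry of OTL's "< MD5 for: ... >" section:
# [date time | size | attrs | M] (company) MD5=<32 hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|\]]+?) \| (?P<size>[\d,]+) \| [^|\]]+? \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
Entry = namedtuple("Entry", "stamp size company md5 path")

# The netbt.sys lines from the thread's custom scan log, Run 3 (before the fix).
RUN3 = r"""
< MD5 for: NETBT.SYS >
[2004/08/04 01:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] () MD5=97FE4A6C3BACD6BA52B6543B49F8EE4C -- C:\WINDOWS\system32\drivers\netbt.sys
"""

# Run 4 (after the /replace fix) differs from Run 3 only in the drivers line.
RUN4 = RUN3.replace(
    "() MD5=97FE4A6C3BACD6BA52B6543B49F8EE4C",
    "(Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D",
)


def parse_md5_section(log_text):
    """Return an Entry for every MD5 line; headers and other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["stamp"], int(m["size"].replace(",", "")),
                                 m["company"].strip(), m["md5"].upper(),
                                 m["path"].strip()))
    return entries


def classify(path):
    """Assumed roles: drivers = copy in use, dllcache/ServicePackFiles = cached copies."""
    p = path.lower()
    if "\\system32\\drivers\\" in p:
        return "active"
    if "\\system32\\dllcache\\" in p or "\\servicepackfiles\\" in p:
        return "reference"
    return "other"  # e.g. $NtServicePackUninstall$, an older build expected to differ


def assess(entries):
    """Return (path, reason) findings for the in-use copy of the file."""
    active = [e for e in entries if classify(e.path) == "active"]
    refs = [e for e in entries if classify(e.path) == "reference"]
    ref_hashes = {e.md5 for e in refs}
    findings = []
    if len(ref_hashes) > 1:
        findings.append(("reference copies", "cached copies disagree with each other"))
    for e in active:
        if not refs:
            findings.append((e.path, "no cached copy to compare against"))
        elif e.md5 not in ref_hashes:
            # Size and timestamp can be identical while the content differs.
            same_meta = any((r.size, r.stamp) == (e.size, e.stamp) for r in refs)
            note = " although size and timestamp match" if same_meta else ""
            findings.append((e.path, "MD5 differs from cached copies" + note))
        if not e.company:
            findings.append((e.path, "no company name in version info"))
    return findings


def changed_paths(before, after):
    """Map each path whose MD5 changed between two scans to (old_md5, new_md5)."""
    old = {e.path.lower(): e for e in before}
    return {e.path: (old[e.path.lower()].md5, e.md5)
            for e in after
            if e.path.lower() in old and old[e.path.lower()].md5 != e.md5}


if __name__ == "__main__":
    run3, run4 = parse_md5_section(RUN3), parse_md5_section(RUN4)
    for label, run in (("Run 3", run3), ("Run 4", run4)):
        print(label, assess(run) or "in-use copy matches cached copies")
    print("changed:", changed_paths(run3, run4))
```

The cached copies live on the same disk as the suspect file, so a match shows agreement with the Windows File Protection cache rather than independent proof that the driver is the vendor's original.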

#40
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Everything is looking good, let's run a final scan with MBAM, run a final OTL scan and fix all the remaining problems.


1. Please run Malwarebytes Anti-Malware. Go to the Update tab and download all updates, then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



2. Please run OTL and click the "Quick Scan" button, post the new report for my review.
  • 0


#41
nycmon

    Member

  • Topic Starter
  • 29 posts
Hi, here are the logs. Thank you!

1)MBAM


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7365

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/3/2011 12:37:38 PM
mbam-log-2011-08-03 (12-37-38).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 394717
Time elapsed: 1 hour(s), 29 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP11\A0007220.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.




2)OTL


OTL logfile created on: 8/3/2011 12:47:35 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 71.28% Memory free
3.74 Gb Paging File | 3.30 Gb Available in Paging File | 88.23% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.52 Gb Total Space | 9.85 Gb Free Space | 6.91% Space Free | Partition Type: NTFS
Drive D: | 6.52 Gb Total Space | 0.33 Gb Free Space | 5.12% Space Free | Partition Type: NTFS
Drive F: | 279.47 Gb Total Space | 2.82 Gb Free Space | 1.01% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 22:45:04 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/07/26 11:11:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/07/06 11:21:26 | 003,788,704 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/07/06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/06/06 15:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/05/28 14:47:02 | 000,512,400 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/03/10 18:19:32 | 001,642,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2010/11/12 19:08:04 | 000,398,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\GameBox.exe
PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logi\SetPointP\SetPoint.exe
PRC - [2010/08/19 03:06:29 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/21 00:01:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:01:26 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/01/23 22:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/12/14 19:53:38 | 000,454,656 | ---- | M] () -- C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe


========== Modules (SafeList) ==========

MOD - [2011/07/26 11:11:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2011/07/06 11:20:08 | 000,280,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/19 03:11:02 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2008/04/13 20:11:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- -- (SDScannerService)
SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [Disabled | Stopped] -- -- (odserv)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/07/13 17:43:32 | 000,062,928 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/07/06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/05/28 14:46:56 | 000,351,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/12 18:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 11:20:10 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/12 13:50:50 | 000,163,648 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Password Folder\pffilter.sys -- (PfFilter)
DRV - [2010/08/24 13:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/06/03 11:07:18 | 000,013,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
DRV - [2010/03/12 18:41:16 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/28 22:13:50 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/12/18 23:19:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/03 19:20:44 | 000,057,472 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WipeFile.sys -- (WipeFile)
DRV - [2005/07/03 20:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/14 17:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/25 02:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/12/24 02:43:38 | 000,253,440 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrv8000c.sys -- (W8335XP)
DRV - [2004/08/04 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.search...10101045100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search...ernal.dnupdate", false);

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/19 03:11:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/09/02 20:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/24 09:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/25 00:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 00:25:21 | 000,000,000 | ---D | M]

[2009/08/21 18:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2009/08/21 18:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/07/19 09:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions
[2010/04/01 10:21:26 | 000,000,000 | ---D | M] (Eclipse) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
[2010/09/27 19:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 01:58:39 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/07/26 09:47:09 | 000,000,000 | ---D | M] (Slickerfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2010/10/26 15:44:59 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/04/01 10:19:17 | 000,000,000 | ---D | M] (FennecFox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010/10/26 15:39:15 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
[2010/10/26 15:46:48 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/09/20 11:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/01 10:18:16 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/04/01 10:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\[email protected]
[2010/10/26 15:22:07 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\[email protected]
[2010/04/01 10:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/04/01 10:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/04/01 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/04/01 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2011/04/18 12:32:07 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\searchplugins\bing-zugo.xml
[2009/12/12 16:31:02 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\searchplugins\fast-browser-search.xml
[2011/07/29 19:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 21:00:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/22 21:28:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/27 23:57:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/15 11:50:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/08/03 13:07:37 | 000,000,000 | ---D | M] (Kaspersky Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/30 11:47:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logi\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TkBellExe1] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...1/uploader2.cab (UploadListView Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1151823870390 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 18:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\WINDOWS\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 11:02:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/03 11:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/03 11:02:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/03 11:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 12:01:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/30 11:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/29 13:33:58 | 004,157,735 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/07/28 14:42:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/27 09:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
[2011/07/26 22:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SbS&D2
[2011/07/26 22:11:13 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/07/26 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/07/26 11:11:57 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/25 18:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/07/25 00:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/25 00:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/25 00:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/25 00:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/25 00:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/25 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/25 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/24 16:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011/07/23 13:49:41 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/07/22 17:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2011/07/21 09:43:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/21 09:40:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/21 09:40:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/21 09:40:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/21 09:40:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/21 09:40:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/21 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/21 01:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/20 22:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2011/07/20 10:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/19 19:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\QuickScan
[2011/07/19 12:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2011/07/19 11:27:49 | 000,638,976 | ---- | C] (ESET) -- C:\Documents and Settings\Compaq_Owner\My Documents\ESETUninstaller.exe
[2011/07/19 10:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/07/19 10:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/18 13:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2011/07/18 12:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RoboForm
[2011/07/14 21:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster
[2011/07/08 10:15:42 | 000,029,696 | ---- | C] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2011/07/07 19:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Oblivion

========== Files - Modified Within 30 Days ==========

[2011/08/03 12:50:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009UA.job
[2011/08/03 12:46:52 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D4801835-F956-4975-AEF8-0E5592BA2263}.job
[2011/08/03 12:43:08 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/08/03 12:40:50 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
[2011/08/03 12:40:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
[2011/08/03 12:40:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/03 12:40:24 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/03 12:40:24 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/03 12:40:24 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/08/03 12:40:24 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/08/03 12:40:24 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/08/03 12:40:24 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/08/03 12:39:52 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/03 12:39:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 11:02:16 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 22:50:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009Core.job
[2011/08/01 03:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2011/08/01 02:30:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2011/07/31 01:53:27 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\because he first loved us.wps
[2011/07/30 17:00:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoUpdate.job
[2011/07/30 14:08:26 | 000,086,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Adams canoe Liability.pdf
[2011/07/30 11:47:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/30 11:19:18 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/30 00:24:19 | 984,002,890 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[gg]_Break_Blade_-_6_(720p)_[CE2109D6].mkv
[2011/07/30 00:14:57 | 396,186,631 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[UTW]_Appleseed_XIII_-_01_[h264-720p][20DC02D3].mkv
[2011/07/29 23:50:35 | 302,457,449 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[WhyNot] Mayo Chiki - 04 [E42FD76D].mkv
[2011/07/29 23:22:08 | 000,000,298 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/07/29 19:27:44 | 004,157,735 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/07/29 10:11:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/07/28 22:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 01:39:19 | 000,435,348 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110727-014402.backup
[2011/07/26 22:11:19 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/26 11:11:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/26 11:11:20 | 000,258,560 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTH.scr
[2011/07/25 00:26:51 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/25 00:25:11 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/24 16:48:09 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/07/24 16:48:09 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/07/24 16:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/07/24 00:23:16 | 000,000,438 | RHS- | M] () -- C:\boot.ini
[2011/07/23 13:50:56 | 000,181,557 | ---- | M] () -- C:\MGlogs.zip
[2011/07/22 17:36:05 | 002,419,140 | ---- | M] () -- C:\MGtools.exe
[2011/07/22 17:35:38 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RootRepeal.rar
[2011/07/21 17:33:44 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\rkill.scr
[2011/07/21 16:41:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110727-013919.backup
[2011/07/21 00:37:58 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.scr
[2011/07/21 00:31:32 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.exe
[2011/07/20 22:27:20 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer Troubleshooting.url
[2011/07/20 13:39:14 | 000,001,068 | -HS- | M] () -- C:\WINDOWS\0326178drv.spi
[2011/07/20 02:32:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2011/07/19 12:18:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/07/19 11:27:50 | 000,638,976 | ---- | M] (ESET) -- C:\Documents and Settings\Compaq_Owner\My Documents\ESETUninstaller.exe
[2011/07/18 11:34:04 | 000,147,644 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\mv44-mom.pdf
[2011/07/14 21:04:57 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2011/07/14 21:03:56 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011/07/14 15:20:52 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 18:57:22 | 049,089,992 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/07/13 18:53:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 00:11:08 | 000,001,209 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Show Desktop.lnk
[2011/07/10 20:21:28 | 000,000,005 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2011/07/10 20:21:28 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2011/07/08 10:18:19 | 000,029,696 | ---- | M] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/03 11:02:16 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 14:08:26 | 000,086,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Adams canoe Liability.pdf
[2011/07/29 23:50:35 | 396,186,631 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[UTW]_Appleseed_XIII_-_01_[h264-720p][20DC02D3].mkv
[2011/07/29 23:28:40 | 984,002,890 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[gg]_Break_Blade_-_6_(720p)_[CE2109D6].mkv
[2011/07/29 23:28:40 | 302,457,449 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[WhyNot] Mayo Chiki - 04 [E42FD76D].mkv
[2011/07/26 22:33:51 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/07/26 22:33:50 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/26 22:33:49 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/26 22:11:19 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/07/26 22:11:19 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/25 00:26:51 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/25 00:25:11 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/24 16:48:09 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/07/24 16:48:09 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/07/23 13:49:43 | 000,181,557 | ---- | C] () -- C:\MGlogs.zip
[2011/07/23 11:42:18 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011/07/22 17:37:14 | 002,419,140 | ---- | C] () -- C:\MGtools.exe
[2011/07/22 17:35:43 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RootRepeal.rar
[2011/07/22 10:11:17 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/07/22 10:11:16 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/07/21 17:33:46 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\rkill.scr
[2011/07/21 17:22:58 | 000,258,560 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTH.scr
[2011/07/21 09:44:01 | 000,000,392 | ---- | C] () -- C:\Boot.bak
[2011/07/21 09:40:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/21 09:40:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/21 09:40:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/21 09:40:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/21 09:40:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/21 00:38:02 | 000,579,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.scr
[2011/07/21 00:31:43 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.exe
[2011/07/20 22:27:20 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer Troubleshooting.url
[2011/07/20 13:35:29 | 000,001,068 | -HS- | C] () -- C:\WINDOWS\0326178drv.spi
[2011/07/20 02:32:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2011/07/19 12:18:00 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/07/18 11:21:11 | 000,147,644 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\mv44-mom.pdf
[2011/07/14 21:24:17 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2011/07/14 21:04:57 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2011/07/14 21:03:56 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011/07/11 00:11:08 | 000,001,209 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Show Desktop.lnk
[2011/03/31 10:05:29 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/03/31 10:05:29 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/29 10:46:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/29 10:45:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/02/06 18:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/06 18:32:44 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/02/04 22:53:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011/02/04 15:14:31 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/01/16 00:42:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\MyPhrases.dta
[2010/11/03 10:51:48 | 000,811,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/28 11:05:30 | 000,000,005 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/10/28 11:05:30 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/10/02 19:38:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2010/09/02 18:35:49 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\bdfvconp.ini
[2010/07/31 18:00:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2010/07/28 22:30:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/21 21:01:40 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/11 00:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 00:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/01/29 11:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\prvlcl.dat
[2010/01/04 13:51:28 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/12/22 21:44:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/18 01:30:18 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2009/11/08 20:25:00 | 000,075,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/29 21:16:33 | 000,000,212 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/01/07 21:54:56 | 000,002,254 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/01 17:08:19 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/12/02 09:59:16 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/12/02 09:59:16 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/12/02 09:59:16 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/09 01:04:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/13 15:50:16 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/21 17:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/03/03 19:20:44 | 000,057,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\WipeFile.sys
[2006/07/02 03:03:47 | 049,089,992 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2006/07/01 18:15:58 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/05/30 23:16:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/04 17:51:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/09 22:19:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/09 21:56:28 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/09 21:55:28 | 000,012,967 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/09 21:55:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/09 21:50:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/09 21:46:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/09 21:46:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/09 21:46:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/09 21:46:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/09 21:46:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/09 21:46:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/09 21:41:58 | 000,000,298 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/09 21:38:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/11/09 21:36:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/11/09 21:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/11/09 21:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/11/09 21:35:15 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/11/09 21:34:53 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/09 21:26:22 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/09 21:22:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 09:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/24 19:29:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/24 18:43:44 | 000,445,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/24 18:43:44 | 000,072,780 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/24 18:42:06 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/24 18:31:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/24 18:30:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/06/18 11:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 18:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/05 11:45:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb-run.sys
[2001/08/23 12:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2008/07/19 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/12/06 20:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2006/07/01 18:16:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/12/20 21:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/02 20:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/31 10:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/25 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2011/02/06 18:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/25 19:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/07/28 17:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/09/20 14:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/07/20 13:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/09/11 22:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/26 23:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2011/07/22 17:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/02 02:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weskysoft
[2010/04/05 09:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 10:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/02 09:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/19 16:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore
[2011/04/18 11:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\adma
[2010/04/21 03:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BackOff
[2010/09/26 23:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BitDefender
[2011/07/30 01:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
[2009/11/19 18:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BSD
[2008/12/20 21:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools
[2008/12/20 21:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools Lite
[2010/03/14 04:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools Pro
[2010/09/26 23:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ESET
[2011/04/20 12:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FileZilla
[2011/07/19 12:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2006/06/23 21:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2011/06/06 17:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
[2011/07/22 15:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IrfanView
[2011/06/05 20:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2006/09/30 12:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2009/11/18 00:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Music Recognition
[2010/12/16 16:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nokia
[2010/02/25 19:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nokia Ovi Suite
[2010/09/23 19:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
[2009/11/22 02:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Opera
[2010/12/15 21:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PC Suite
[2011/07/19 19:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\QuickScan
[2009/11/18 01:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ringtone
[2011/07/18 12:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\RoboForm
[2005/11/09 21:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2008/12/01 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SendSpace Wizard
[2009/01/07 21:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2009/03/02 15:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird
[2010/11/17 00:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Trillian
[2011/01/16 01:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TypingMaster7
[2011/01/01 18:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\vghd
[2011/02/18 10:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\VideoStream
[2010/02/26 15:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Windows Search
[2011/07/30 17:00:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_AutoUpdate.job
[2011/08/03 12:40:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/08/03 12:40:24 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/01 02:30:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
[2011/08/03 12:40:24 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
[2011/08/03 12:40:24 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/03 12:39:52 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/01 03:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2011/08/03 12:40:24 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2011/08/03 12:46:52 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D4801835-F956-4975-AEF8-0E5592BA2263}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/07/07 13:37:13 | 000,002,581 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\Desktop\__ ?????? __ The Grace Korean Presbyterian Church.lnk) -- C:\Documents and Settings\Compaq_Owner\Desktop\__ 뉴욕한민교회 __ The Grace Korean Presbyterian Church.lnk
[2011/03/03 19:05:51 | 000,002,581 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\Desktop\__ ?????? __ The Grace Korean Presbyterian Church.lnk) -- C:\Documents and Settings\Compaq_Owner\Desktop\__ 뉴욕한민교회 __ The Grace Korean Presbyterian Church.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\rkill.com:SummaryInformation
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\SelfHelpControl.DLL:BDU
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\OGACheckControl.DLL:BDU
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\MGADiag.exe:BDU

< End of report >

#42
sempai


    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Logs are clean so we can now start fixing all the remaining problems.

Please uninstall and then reinstall the following:

iPod
Spybot - Search & Destroy 2


Note: Spybot - Search & Destroy 2 is still a beta. If you're not a beta tester and not interested in participating in its development, then you must install the stable version, which is version 1.6.2. You can get it here: http://www.safer-net...otsd/index.html

#43
nycmon


    Member

  • Topic Starter
  • Member
  • 29 posts
Hi,

Uninstalled and reinstalled iTunes. Uninstalled Spybot & opted to use the Malwarebytes Pro Trial version instead.
May I ask which, in your personal opinion, you think is better... Malwarebytes Pro or ESET NOD32?
Thank you!

Edited by nycmon, 04 August 2011 - 08:49 PM.


#44
sempai


    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

MBAM and ESET Nod32 are two different products. MBAM is not an antivirus product, so you can install them both at the same time. But if you're only looking for antivirus, then ESET Nod32 is a good choice.

Any more problems with your computer?

#45
nycmon


    Member

  • Topic Starter
  • Member
  • 29 posts
Hi,

I was asking about the MBAM Pro version, which is a paid version offering real-time protection and AV protection... At least that is what I thought.... So it is not an AV? Since it does offer a trial, I am testing it out before purchase. However, if it is not an AV, I guess I would have to install both...

I have reinstalled Advanced System Care and have uninstalled /reinstalled all previously affected programs. I have also deleted previous System Restore points.

Only issue I seem to be having is the lag with anything associated with the desktop. If I try to save anything to the desktop, such as shortcuts etc., it lags for a few minutes. Same when I empty the recycle bin or delete files from the hard drive. It also has the same lag whenever I try to open the My Computer folder. I don't know if these have anything to do with the previous infection or not.

Also, I can't seem to install .NET Framework updates from Windows Update. The update site will say the updates were successful, but the Automatic Update program on the PC keeps telling me they are ready for installation. I seem to be having trouble with the .NET Framework updates only, since all others install without any problems. Is it possible the .NET Framework is infected or corrupted?

I don't know if that is something you can help me with or not, but either way you have really been a lifesaver!

Thank you!

Edited by nycmon, 05 August 2011 - 12:20 PM.






