Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Olmarik.ajl trojan help?

Started by fleggy1 , Jul 27 2011 02:08 PM

  • This topic is locked This topic is locked

#1
fleggy1
Posted 27 July 2011 - 02:08 PM

fleggy1

    Member

  • Member
  • PipPip
  • 52 posts
Hey my Nod 32 has picked up the forenamed trojan and cant get rid of it, it says its in the MBR sector of the 1. physical disk can anyone help me please :) currently running malwarebytes scan

thanks
  • 0

Advertisements

#2
Essexboy
Posted 27 July 2011 - 02:28 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets have a looksee

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
fleggy1
Posted 27 July 2011 - 03:02 PM

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
there u go

OTL logfile created on: 27/07/2011 21:45:47 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\my comp\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 36.92% Memory free
5.85 Gb Paging File | 5.04 Gb Available in Paging File | 86.20% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.68 Gb Free Space | 21.05% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 135.68 Gb Free Space | 91.03% Space Free | Partition Type: NTFS
Drive E: | 38.34 Gb Total Space | 5.22 Gb Free Space | 13.61% Space Free | Partition Type: NTFS

Computer Name: CHRIS-COMPUTER | User Name: my comp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 21:44:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\my comp\My Documents\Downloads\OTL.exe
PRC - [2011/06/24 01:31:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 12:45:35 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Documents and Settings\my comp\Desktop\programmes\anti-malware\aswMBR.exe
PRC - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\Nvidia Corporation\System Update\UpdateCenterService.exe
PRC - [2009/09/10 18:14:18 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/01/09 04:15:22 | 000,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 09:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2007/12/21 09:21:06 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/25 23:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\V5\KMProcess.exe
PRC - [2007/09/17 22:51:14 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\V5\KMConfig.exe
PRC - [2007/08/18 18:17:34 | 000,020,480 | ---- | M] (BackWeb Technologies Inc. ) -- C:\Documents and Settings\my comp\Local Settings\Temp\bwgo0000e147.exe
PRC - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/05/29 16:40:48 | 000,360,096 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2007/03/06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe
PRC - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/11/23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/01/10 10:35:16 | 000,073,728 | ---- | M] (Computer Associates International) -- C:\Program Files\PestPatrol\CookiePatrol.exe
PRC - [2004/11/15 12:49:54 | 000,098,304 | ---- | M] (Computer Associates International) -- C:\Program Files\PestPatrol\PPControl.exe
PRC - [2004/04/02 15:11:54 | 000,148,480 | ---- | M] () -- C:\Program Files\PestPatrol\PPMemCheck.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 21:44:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\my comp\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NBService)
SRV - File not found [Disabled | Stopped] -- -- (CA Personal Firewall ASEM)
SRV - File not found [Disabled | Stopped] -- -- (ASKService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AcrSch2Svc)
SRV - [2011/05/15 21:02:01 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/09/10 18:14:18 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/01/23 19:52:31 | 000,603,904 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/01/09 04:15:22 | 000,419,448 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe -- (a2free)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/21 09:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/12/21 09:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/05/29 16:40:48 | 000,360,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2002/07/17 03:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 22:52:53 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzi3otqy.sys -- (uzi3otqy)
DRV - [2009/08/31 10:23:28 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/06/21 15:18:18 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009/05/18 17:31:21 | 000,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009/04/23 11:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/03/18 12:34:44 | 001,512,960 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/14 01:11:57 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/21 09:21:56 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007/12/21 09:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007/12/21 09:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/17 07:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 15:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 15:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 15:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/03/15 20:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/29 18:18:10 | 000,167,566 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kUSB.sys -- (Ch2kUSB)
DRV - [2006/04/28 09:59:10 | 000,072,149 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kUSBm.sys -- (Ch2kUSBM)
DRV - [2006/03/13 17:50:08 | 000,085,696 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300obex.sys -- (w300obex)
DRV - [2006/03/13 17:50:06 | 000,087,824 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM)
DRV - [2006/03/13 17:50:02 | 000,096,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm)
DRV - [2006/03/13 17:50:00 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl)
DRV - [2006/03/13 17:49:54 | 000,060,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2006/02/13 16:21:08 | 000,053,205 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kPS2M.sys -- (Ch2kPS2M) Cherry PS/2 Mouse Driver (CDI)
DRV - [2005/10/26 14:48:46 | 000,134,446 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kPS2.sys -- (Ch2kPS2) Cherry PS/2 Keyboard Driver (CDI)
DRV - [2004/08/03 23:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/04/14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/14 05:09:20 | 000,244,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/06/29 07:05:00 | 000,654,508 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/04/11 21:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2002/02/13 19:27:30 | 000,166,419 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/02/13 19:26:54 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/02/13 19:20:46 | 000,594,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2001/08/09 19:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://searchbox.digsby.com/ie
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\my comp\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 01:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/07/17 22:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Extensions
[2011/01/18 09:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions
[2009/08/03 03:07:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 01:41:18 | 000,000,000 | ---D | M] (In The Dark) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2010/11/09 23:06:20 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\[email protected]
[2010/02/08 01:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2009/12/22 10:48:02 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\searchplugins\fast-browser-search.xml
[2011/04/29 17:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/04/14 18:41:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 01:31:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/29 17:50:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - File not found
O3 - HKU\S-1-5-21-1762929963-343237184-427782826-1012\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - File not found
O4 - HKLM..\Run: [CookiePatrol] c:\Program Files\PestPatrol\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KMConfig] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PestPatrol Control Center] c:\Program Files\PestPatrol\PPControl.exe (Computer Associates International)
O4 - HKLM..\Run: [PPMemCheck] c:\Program Files\PestPatrol\PPMemCheck.exe ()
O4 - HKU\S-1-5-21-1762929963-343237184-427782826-1012..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1762929963-343237184-427782826-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/o...utodetectNT.cab (SiS_OCX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyy...nt/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by123fd.bay12...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1222901820750 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1168702453640 (MUWebControl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://sun.jerseyins...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} http://www.blogtv.co...ct/launcher.cab (LauncherV1 Class)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zon...ss.cab57176.cab (ZoneChess Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\my comp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\my comp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/22 02:11:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 04:39:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\my comp\Recent
[2011/07/18 22:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbine
[2011/07/17 16:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/07/15 23:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Guild Wars
[2009/01/08 05:04:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\my comp\Application Data\pcouffin.sys
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 21:43:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\MBR.dat
[2011/07/27 21:08:09 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 20:56:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/27 20:33:56 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/27 20:31:42 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC28CB49-F5E1-4C7A-A639-4E1026F831E0}.job
[2011/07/27 20:31:21 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 20:30:05 | 000,131,554 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/27 20:29:59 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 20:29:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 22:01:25 | 000,099,011 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\Image.jpg
[2011/07/22 22:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/19 14:10:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/18 22:46:47 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\The Lord of the Rings Online.lnk
[2011/07/18 03:54:02 | 000,000,256 | RHS- | M] () -- C:\boot.ini
[2011/07/17 16:39:48 | 000,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/16 12:02:08 | 000,000,418 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guild Wars.lnk
[2011/07/14 15:07:00 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\Spotify.lnk
[2011/07/13 04:27:21 | 003,612,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/08 02:59:17 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\my comp\Desktop\untitled.bmp
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/30 22:13:18 | 000,536,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/30 22:13:18 | 000,100,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 21:43:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\MBR.dat
[2011/07/25 22:01:24 | 000,099,011 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\Image.jpg
[2011/07/18 22:46:47 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\The Lord of the Rings Online.lnk
[2011/07/15 23:11:29 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Guild Wars.lnk
[2011/07/14 15:06:59 | 000,000,431 | ---- | C] () -- C:\Documents and Settings\my comp\Start Menu\Programs\Spotify.lnk
[2011/07/08 02:59:16 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\untitled.bmp
[2011/07/01 18:11:48 | 000,088,692 | ---- | C] () -- C:\Documents and Settings\my comp\Desktop\MinecraftLauncher.jar
[2011/05/29 22:52:53 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzi3otqy.sys
[2011/04/29 12:59:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/26 23:43:49 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\RSBot_Accounts.ini
[2010/11/07 02:01:10 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2010/11/07 01:59:17 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/08/07 11:29:03 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/15 00:30:17 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\RSBot Accounts.ini
[2009/12/30 18:41:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/30 18:41:41 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/12/30 18:40:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\$_hpcst$.hpc
[2009/09/13 23:47:34 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\setup_ldm.iss
[2009/08/21 17:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 21:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe
[2009/07/08 00:55:12 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/06/21 15:18:18 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/06/11 15:29:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/05/06 23:13:49 | 000,005,469 | ---- | C] () -- C:\WINDOWS\TSCTVDIV.INI
[2009/05/06 23:13:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GRAPPLER.INI
[2009/05/06 23:13:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TSCFM.INI
[2009/05/06 22:53:55 | 000,000,351 | ---- | C] () -- C:\WINDOWS\TSCTVFM.INI
[2009/05/06 22:53:55 | 000,000,234 | ---- | C] () -- C:\WINDOWS\TSCTV.INI
[2009/05/06 22:53:55 | 000,000,058 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI
[2009/03/02 02:07:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\mshearts.exe
[2009/03/02 02:07:38 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\winmine.exe
[2009/03/02 02:07:38 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\sol.exe
[2009/03/02 02:07:37 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\freecell.exe
[2009/02/07 21:19:10 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/02/04 02:00:51 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\EpfwUser.dat
[2009/02/03 22:08:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\TSCTVDIV.BIN
[2009/01/18 20:12:43 | 000,300,032 | ---- | C] () -- C:\WINDOWS\unin0411.exe
[2009/01/08 05:04:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\inst.exe
[2009/01/08 05:04:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\pcouffin.cat
[2009/01/08 05:04:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\pcouffin.inf
[2008/11/28 01:21:29 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\SamsungLiveUpdateConfig.ini
[2008/11/11 22:08:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/11/09 11:37:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/04 17:27:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/02 14:13:37 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/02 14:07:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/22 00:16:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/10/20 01:25:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2008/10/08 00:07:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/10/02 22:31:08 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\fusioncache.dat
[2008/10/02 21:41:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/10/02 19:41:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/10/02 19:41:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008/10/02 18:59:53 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/02 00:49:10 | 000,538,624 | ---- | C] () -- C:\WINDOWS\System32\spider.exe
[2008/08/26 01:32:19 | 000,035,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/08/17 11:56:19 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/08/06 09:53:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/19 15:01:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/07/19 14:45:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/07/18 21:07:39 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008/07/17 16:16:56 | 000,360,096 | ---- | C] () -- C:\WINDOWS\System32\atwtusb.exe
[2008/07/17 16:16:48 | 000,048,800 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe
[2008/07/17 16:16:46 | 001,969,824 | ---- | C] () -- C:\WINDOWS\System32\WTMKM.exe
[2008/07/17 16:16:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2008/07/17 16:16:45 | 000,102,048 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2008/07/17 16:16:39 | 000,007,341 | ---- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2008/07/17 16:16:38 | 000,007,633 | ---- | C] () -- C:\WINDOWS\System32\Vista.ini
[2008/07/17 16:16:37 | 000,013,951 | ---- | C] () -- C:\WINDOWS\System32\Photoshop Elements.ini
[2008/07/17 16:16:35 | 000,010,361 | ---- | C] () -- C:\WINDOWS\System32\PhotoImpact XL SE.ini
[2008/07/17 16:16:34 | 000,000,574 | ---- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2008/07/17 16:16:32 | 000,006,386 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2008/07/01 21:25:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/06/28 22:07:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\iRODUninstall.exe
[2008/06/28 21:32:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\SkycarUninstall.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/04 18:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2008/04/05 20:50:59 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/05 20:31:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008/03/30 13:39:15 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/30 13:37:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/04 19:34:25 | 000,000,360 | ---- | C] () -- C:\WINDOWS\STORMWIN.INI
[2008/03/04 19:34:08 | 000,006,464 | ---- | C] () -- C:\WINDOWS\MOVEXE.EXE
[2008/03/04 19:28:03 | 000,002,170 | ---- | C] () -- C:\WINDOWS\System32\drivers\ionex.sys
[2008/02/25 13:26:03 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\WavCodec.wff
[2008/02/17 01:47:44 | 000,000,147 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/02/07 12:08:29 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/09 08:23:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/09 08:23:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/01/09 08:23:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/09 08:23:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/01/09 08:23:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/09 08:23:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/09 08:23:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/01/09 08:23:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/01/09 08:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvwrseng.dll
[2008/01/09 08:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/12/21 09:21:56 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/12/13 22:07:25 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/12/13 22:07:25 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\my comp\Application Data\PnkBstrK.sys
[2007/12/13 22:07:09 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/12/13 22:07:07 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/12/01 00:17:46 | 000,150,528 | ---- | C] () -- C:\Documents and Settings\my comp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 14:04:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/28 19:14:59 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/08/28 19:11:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2007/08/27 15:19:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/08/27 15:16:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/20 22:20:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007/08/18 16:59:49 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2007/08/18 16:58:01 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2007/08/18 16:47:19 | 000,001,336 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/08/17 22:59:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/08/17 22:59:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/12 17:27:05 | 000,000,039 | ---- | C] () -- C:\WINDOWS\ideq32.ini
[2007/08/11 21:17:55 | 000,000,736 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
[2007/07/18 16:46:58 | 000,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2007/06/06 19:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/05/31 20:07:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/05/29 16:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/01/19 15:55:17 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2007/01/14 01:22:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/01/14 01:18:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/13 14:53:32 | 000,001,945 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/01/11 18:33:59 | 000,002,402 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\rasmontr.dll
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\rasrad.dll
[2004/08/04 13:00:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\rasmxs.dll
[2004/08/04 13:00:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\expand.exe
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/29 15:47:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2004/04/23 22:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/03/22 08:53:32 | 000,001,490 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/22 08:53:05 | 000,536,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/22 08:53:05 | 000,100,666 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/22 08:53:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/22 03:16:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/22 03:13:17 | 000,000,455 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/03/22 02:32:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/03/22 02:32:41 | 000,000,491 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2003/03/22 02:26:19 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/03/22 02:25:48 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/03/22 02:25:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/03/22 02:14:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/03/22 02:07:22 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/03/22 01:59:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/22 01:58:05 | 003,612,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/02/19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2003/03/22 02:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2008/09/04 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailFrontier
[2010/03/08 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2009/04/12 10:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2009/01/08 03:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/04/10 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/07/06 23:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/05/16 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/10/08 00:00:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/16 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2009/06/08 17:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/05 15:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/07/08 01:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/08/07 11:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/11/04 02:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/08/16 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/12/21 21:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/02/24 18:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/04/29 15:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2008/12/20 00:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2010/07/11 19:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2008/02/17 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/30 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/07 02:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/10/29 10:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/10/08 00:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/08/21 23:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2008/08/05 00:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/09/10 23:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2011/02/07 03:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/07 01:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/05/01 10:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/17 20:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/11/24 11:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/15 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/23 19:47:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/04/23 01:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/09 23:49:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2003/03/22 02:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2010/03/10 00:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/07/26 15:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\.minecraft
[2009/04/11 00:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Acronis
[2008/08/10 13:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Atari
[2011/06/22 07:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Azureus
[2010/02/13 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Canon
[2011/05/16 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Colibri Games
[2009/08/30 12:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\com.adobe.ExMan
[2010/03/20 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/13 01:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Crayon Physics Deluxe
[2009/06/08 17:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\DAEMON Tools Lite
[2009/06/08 17:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\DAEMON Tools Pro
[2009/02/17 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Deckadance
[2009/10/05 15:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\ESET
[2010/04/03 16:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Facebook
[2011/05/26 00:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\FrostWire
[2009/10/29 00:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\gtk-2.0
[2003/03/22 02:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\InterTrust
[2008/07/18 02:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\KlipFolio
[2008/07/01 21:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Leadertech
[2009/07/13 01:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\ManyCam
[2008/10/12 11:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\MarmaladeCvs
[2008/03/14 15:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\NCH Swift Sound
[2011/05/14 11:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Notepad++
[2009/12/30 18:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\PC Suite
[2009/10/07 02:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Propellerhead Software
[2009/12/30 18:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Samsung
[2008/10/08 00:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\ScanSoft
[2009/07/17 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Sony
[2009/07/25 02:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\SoundSpectrum
[2008/11/10 18:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\SPORE
[2011/07/27 03:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Spotify
[2009/09/08 21:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Subversion
[2011/07/17 16:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\SystemRequirementsLab
[2010/07/11 19:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Tatara Systems
[2008/12/23 02:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\TeamViewer
[2008/06/18 00:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Teleca
[2007/12/21 01:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Template
[2009/01/23 19:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\TuneUp Software
[2009/05/24 10:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Valusoft
[2007/11/26 19:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Viewpoint
[2010/05/01 10:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Vso
[2008/10/02 09:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Windows Desktop Search
[2008/10/02 09:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Windows Search
[2008/07/17 18:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my comp\Application Data\Xilisoft Corporation
[2011/07/27 20:33:56 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/27 20:31:42 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC28CB49-F5E1-4C7A-A639-4E1026F831E0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/24 01:31:29 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/24 01:31:29 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/24 01:31:29 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/24 01:31:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/24 01:31:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/24 01:31:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 13:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 13:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 13:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/24 01:31:29 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/24 01:31:29 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/24 01:31:29 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/24 01:31:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/24 01:31:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/24 01:31:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 13:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 13:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 13:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F

< End of report >

Attached Files


  • 0

#4
Essexboy
Posted 27 July 2011 - 03:17 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Your MBR does not appear infected - but lets get a second opinion

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1762929963-343237184-427782826-1012\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    [2009/12/22 10:48:02 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\my comp\Application Data\Mozilla\Firefox\Profiles\hm07l7eh.default\searchplugins\fast-browser-search.xml

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#5
fleggy1
Posted 27 July 2011 - 03:59 PM

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
erm dude its fixed now thanks to the tds killer :) do you still want me to post logs? thank you for you help :unsure:
  • 0

#6
Essexboy
Posted 28 July 2011 - 10:07 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please as I would like to see the variant, plus do you have any further problems
  • 0

#7
Essexboy
Posted 01 August 2011 - 11:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
Essexboy
Posted 16 August 2011 - 12:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#9
fleggy1
Posted 16 August 2011 - 01:17 PM

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
There you go :)

Attached Files


  • 0

#10
Essexboy
Posted 16 August 2011 - 01:22 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good, it was an older TDL4 variant, any problems at all now ?
  • 0

#11
fleggy1
Posted 16 August 2011 - 01:39 PM

fleggy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
ahh and nope none at all =] thanks very much
  • 0

#12
Essexboy
Posted 16 August 2011 - 02:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets get you tidied up now then

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. We will now confirm that your hidden files are set to that, as some of the tools I use will change that

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check
Posted Image

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :unsure:
  • 0

#13
Essexboy
Posted 17 August 2011 - 12:57 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP