BiFrost Trojan



#1
kotaishi

Hey, help is greatly appreciated, reply as soon as possible! I've had this issue for at least a day or 2 on my computer. I think I got it from downloading a theme for Windows XP. Anyway, when I downloaded it my PC was running fine as normal, but then afterwards this error continuously popped up saying "This assembly is protected by a unregistered version of Eziri's ".NET REACTOR"!" Whenever I click OK it just reappears constantly and won't go away if I end the process with Windows Task Manager, and it constantly continues to add more errors. That, AND I believe it changes its name constantly: when I first got the virus it was server.exe, then it changed to explorer.exe (for a while), then changed to svchost.exe. I went on multiple sites for help, none of which has helped me as of yet. While waiting I went and downloaded some free virus scanners in hopes that it would fix my problem. It found some other random problems, which got fixed, but not the Trojan. I went and ran Spybot to help me figure out where it was. I did eventually, or at least I think I did. I went into Registry Editor and searched for server.exe and deleted it, since I know for a fact my Windows XP has no server.exe file. Then I removed server.exe from the startup programs, since it was running as soon as I started up Windows. And I attempted to use safe mode, but when I do it stays frozen for a while then finishes, then after that it starts Windows normally. I've run out of ideas and have no idea what to do next to battle this trojan. :)

Here's the OTL log


OTL logfile created on: 7/30/2011 5:17:07 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Tech\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 192.26 Mb Available Physical Memory | 37.70% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 37.61 Gb Free Space | 50.49% Space Free | Partition Type: NTFS

Computer Name: ROBINSON | User Name: Tech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 09:03:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tech\Desktop\OTL.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/04/16 07:43:40 | 000,580,096 | RHS- | M] (Microsoft) -- C:\WINDOWS\win32\server.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2011/07/30 09:03:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tech\Desktop\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LXCGCustomerConnect)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 16:29:13 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/12/06 09:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/02/10 12:01:00 | 003,428,588 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/29 04:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 04:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/06/19 01:21:36 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/01/01 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 16:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 16:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 16:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [2001/08/17 14:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 57 20 8D 50 4D CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay Games\nplplaypop.dll ( )
FF - HKLM\Software\MozillaPlugins\yaxm[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Tech\Local Settings\Application Data\RobloxVersions\version-f93a5a6aa7924fae\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 08:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/29 19:49:27 | 000,000,000 | ---D | M]

[2011/07/30 16:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tech\Application Data\Mozilla\Extensions
[2011/07/11 01:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/03 23:14:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/14 07:27:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/04/28 21:16:51 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2010/07/01 03:53:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/06 05:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\mozilla firefox\plugins\npOGPPlugin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/01/28 17:49:36 | 000,062,976 | ---- | M] (<NHN USA Inc>.) -- C:\Program Files\mozilla firefox\plugins\uc_sfighters_launching.dll
[2010/04/28 21:17:02 | 000,001,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/06/28 01:44:30 | 000,181,088 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
O1 - Hosts: 127.0.0.1 dl.aaascreensavers.com
O1 - Hosts: 127.0.0.1 abcsearch.com
O1 - Hosts: 127.0.0.1 admin.abcsearch.com
O1 - Hosts: 127.0.0.1 www3.abcsearch.com #[Browseraid]
O1 - Hosts: 127.0.0.1 www.abcsearch.com
O1 - Hosts: 127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
O1 - Hosts: 127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 actualnames.com #[Parasite.ActualNames][Spyware.ActualNames]
O1 - Hosts: 127.0.0.1 www.actualnames.com
O1 - Hosts: 127.0.0.1 ad-up.com
O1 - Hosts: 127.0.0.1 www.ad-up.com
O1 - Hosts: 127.0.0.1 adatom.com
O1 - Hosts: 127.0.0.1 aesp.adatom.com
O1 - Hosts: 127.0.0.1 adbest.com
O1 - Hosts: 127.0.0.1 adserv.adbonus.com
O1 - Hosts: 127.0.0.1 www.adbonus.com
O1 - Hosts: 127.0.0.1 ad2.adcept.net
O1 - Hosts: 127.0.0.1 ad3.adcept.net
O1 - Hosts: 127.0.0.1 www.adcept.net
O1 - Hosts: 127.0.0.1 adcomplete.com
O1 - Hosts: 127.0.0.1 www.adcomplete.com
O1 - Hosts: 127.0.0.1 www.adcopy.info
O1 - Hosts: 5232 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - Reg Error: Value error. File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange 4 Pro\PDF-XChange PDF Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (LivingPlay) - {D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} - C:\Program Files\LivingPlay Games\lplaytl.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\win32\server.exe (Microsoft)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\win32\server.exe (Microsoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\win32\server.exe (Microsoft)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\win32\server.exe (Microsoft)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: FreshDownload - {D7EED146-8E35-46B9-B981-04FBFA077A5B} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1154298186734 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...0.16/ttinst.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/installer.exe (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\StillImage: DllName - C:\WINDOWS\system32\k6pm0g71e6.dll - C:\WINDOWS\system32\k6pm0g71e6.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Tech\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tech\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 12:04:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 16:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\FCTB000060231
[2011/07/30 16:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Dogpile Bundle Toolbar
[2011/07/30 16:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Dogpile Bundle Toolbar
[2011/07/30 16:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\LivingPlay Games
[2011/07/30 09:03:32 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tech\Desktop\OTL.exe
[2011/07/30 08:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Malwarebytes
[2011/07/30 08:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Mozilla
[2011/07/29 23:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/07/29 23:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\IObit
[2011/07/29 21:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Administrative Tools
[2011/07/29 21:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop\Back Up Folder
[2011/07/29 20:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/07/29 20:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Walgreens
[2011/07/29 20:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\lol
[2011/07/29 16:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\PriceGong
[2011/07/29 14:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\InstallShield
[2011/07/28 14:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for RelevantKnowledge
[2011/07/28 14:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\GetFunGames
[2011/07/28 13:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/07/28 13:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\WhiteSmoke
[2011/07/28 13:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\WhiteSmoke_Bar
[2011/07/28 13:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_Bar
[2011/07/28 13:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke
[2011/07/28 13:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Real
[2011/07/28 03:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Google Chrome
[2011/07/28 03:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\CallingID
[2011/07/28 03:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Google
[2011/07/28 03:23:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tech\PrivacIE
[2011/07/27 20:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop\Lostsaga_screenshot
[2011/07/27 19:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Conduit
[2011/07/27 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Temp
[2011/07/27 08:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Lost Saga
[2011/07/26 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\BitTorrentBar
[2011/07/26 22:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\ConduitEngine
[2011/07/26 18:05:26 | 000,000,000 | ---D | C] -- C:\gPotato
[2011/07/24 21:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\OGPlanet
[2011/07/24 21:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet
[2011/07/24 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\OGPlanet Games
[2011/07/21 11:51:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents\My Videos
[2011/07/21 11:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Roblox
[2011/07/21 11:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\RobloxVersions
[2011/07/21 11:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\RobloxDownloads
[2011/07/21 11:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Roblox
[2011/07/20 22:04:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Tech\My Documents\Mabinogi
[2011/07/20 12:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\xF-GunZx
[2011/07/20 12:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\FreestylersWorld Entertainment
[2011/07/20 12:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\blah
[2011/07/18 18:17:02 | 000,000,000 | ---D | C] -- C:\SG Interactive
[2011/07/15 00:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\gPotato
[2011/07/15 00:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\gpotato
[2011/07/14 14:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\PMB Files
[2011/07/14 14:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Three Rings Design
[2011/07/14 13:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Sun
[2011/07/13 11:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\alaplaya
[2011/07/12 18:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\NeopleLauncherDFO
[2011/07/12 09:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\UNL
[2011/07/12 09:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Scarlet Weather Rhapsody
[2011/07/12 09:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\SWR
[2011/07/11 01:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\WinRAR
[2011/07/11 01:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\IN
[2011/07/11 01:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Google
[2011/07/11 01:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Adobe
[2011/07/11 01:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\Downloads
[2011/07/11 01:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Mozilla
[2011/07/11 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\PageRage
[2011/07/11 00:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\comcasttb
[2011/07/11 00:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Apple Computer
[2011/07/11 00:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Logitech
[2011/07/11 00:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\PCToolsFirewallPlus
[2011/07/11 00:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\SupportSoft
[2011/07/11 00:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Identities
[2011/07/11 00:54:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents\My Pictures
[2011/07/11 00:54:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents\My Music
[2011/07/11 00:54:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tech\IETldCache
[2011/07/11 00:53:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Tech\Application Data\Microsoft
[2011/07/11 00:53:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tech\SendTo
[2011/07/11 00:53:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tech\Recent
[2011/07/11 00:53:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tech\Application Data
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Startup
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Favorites
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Accessories
[2011/07/11 00:53:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tech\Cookies
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\Templates
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\PrintHood
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\NetHood
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\Local Settings
[2011/07/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Microsoft
[2011/07/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Macromedia
[2011/07/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop
[2011/07/07 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/07/07 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/07/06 22:27:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/06/27 06:06:53 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2009/01/17 16:16:22 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 17:16:45 | 000,000,721 | -H-- | M] () -- C:\Documents and Settings\Tech\Application Data\logs.dat
[2011/07/30 16:59:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018UA.job
[2011/07/30 16:53:24 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/30 16:53:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/30 16:53:18 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/07/30 16:53:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 16:49:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 09:03:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tech\Desktop\OTL.exe
[2011/07/30 08:45:27 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 08:11:51 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011/07/30 08:03:29 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/30 08:03:29 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/30 04:59:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018Core.job
[2011/07/29 23:07:04 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/29 21:48:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tech\defogger_reenable
[2011/07/29 17:12:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2011/07/29 16:51:40 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 14:06:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/07/28 03:26:36 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Google Chrome.lnk
[2011/07/28 03:26:36 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/27 21:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 08:51:31 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\OGPlanet.lnk
[2011/07/27 08:51:14 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Lost Saga.lnk
[2011/07/23 17:15:57 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Play Roblox.lnk
[2011/07/23 12:26:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 12:56:04 | 000,000,031 | ---- | M] () -- C:\WINDOWS\GunzLauncher.INI
[2011/07/15 05:03:57 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/15 03:03:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/15 00:24:10 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\TalesRunner.lnk
[2011/07/11 05:41:04 | 000,472,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/11 05:41:04 | 000,084,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/11 00:54:47 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/11 00:54:43 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 08:45:27 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 08:03:29 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/30 08:03:29 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/30 08:03:28 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/29 23:07:04 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/29 21:48:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tech\defogger_reenable
[2011/07/29 16:51:40 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 13:52:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/07/28 13:47:20 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/07/28 13:47:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/07/28 03:26:36 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Google Chrome.lnk
[2011/07/28 03:26:36 | 000,002,307 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/27 08:51:14 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Lost Saga.lnk
[2011/07/24 21:30:46 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\OGPlanet.lnk
[2011/07/21 11:45:37 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Play Roblox.lnk
[2011/07/15 03:03:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/15 00:24:10 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\TalesRunner.lnk
[2011/07/11 01:49:27 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018UA.job
[2011/07/11 01:49:26 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018Core.job
[2011/07/11 00:54:47 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/11 00:54:47 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Internet Explorer.lnk
[2011/07/11 00:54:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/11 00:53:49 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Remote Assistance.lnk
[2011/02/21 04:43:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2011/02/05 22:31:51 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/02/05 22:31:50 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/01/17 15:45:06 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/01/17 15:44:41 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/01/17 15:44:24 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/01/03 23:12:46 | 000,001,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/04 09:08:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2010/08/17 07:52:32 | 000,001,468 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/17 07:49:39 | 000,000,318 | ---- | C] () -- C:\WINDOWS\uul°3 Ver 4.INI
[2010/08/12 12:12:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/08/12 12:12:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/07/15 03:58:08 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/05/03 02:03:12 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/03 02:03:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/03 02:03:12 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/03 02:03:11 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/01/18 21:19:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2008/09/22 04:05:14 | 001,053,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/08/31 23:17:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2008/07/20 21:45:28 | 000,000,449 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/07/20 17:18:05 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2008/05/24 18:45:18 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/02/10 03:41:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2008/01/18 22:53:29 | 000,000,872 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/01/18 22:53:29 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2008/01/18 22:51:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/21 22:05:48 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/03/29 18:46:19 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/20 14:24:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2007/02/08 18:47:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/19 16:22:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/16 15:20:54 | 000,000,053 | ---- | C] () -- C:\WINDOWS\pvqobo.dat
[2006/09/06 04:00:31 | 000,000,308 | ---- | C] () -- C:\WINDOWS\em06y.ini
[2006/08/14 23:44:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/16 06:38:19 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\dr.exe
[2006/07/16 06:37:52 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\mc-110-12-0000137.exe
[2006/06/26 16:09:36 | 000,234,117 | R-S- | C] () -- C:\WINDOWS\System32\k6pm0g71e6.dll
[2006/06/21 22:47:30 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\w016c871.ini
[2006/06/21 22:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\keyboard1.dat
[2006/06/15 06:01:48 | 000,003,858 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/06/13 22:47:53 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/06/11 04:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\taskkill.exe
[2006/05/20 09:20:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\atechloc.ini
[2006/05/20 09:20:41 | 000,000,083 | ---- | C] () -- C:\WINDOWS\atech.ini
[2006/04/21 12:15:54 | 000,002,097 | ---- | C] () -- C:\Program Files\folder.js
[2006/04/07 23:49:08 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/04/07 23:49:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/04/07 23:48:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/04/07 23:48:17 | 000,002,188 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2006/04/07 23:48:06 | 000,001,142 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2006/04/07 23:48:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/04/07 23:48:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/04/07 23:48:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\mf322def.dat
[2006/04/07 23:47:51 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsi06.BIN
[2006/03/19 12:58:24 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/09 04:49:44 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/09 04:49:35 | 000,004,340 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/03/09 04:44:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/09 04:43:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/07 12:48:05 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/03/07 12:06:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/07 12:01:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/07 03:56:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/07 03:55:13 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/23 04:37:30 | 000,000,721 | -H-- | C] () -- C:\Documents and Settings\Tech\Application Data\logs.dat
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 13:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 13:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 12:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 12:52:00 | 000,472,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 12:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 12:51:54 | 000,084,602 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 12:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 12:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 12:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 12:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

========== LOP Check ==========

[2010/08/18 01:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/10 23:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/05/07 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2011/01/04 02:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/28 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2011/07/29 20:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/03/18 00:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa Lite
[2011/01/04 02:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/08/31 23:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/18 01:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/07/29 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/07/05 22:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2007/02/24 09:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/26 15:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/12 12:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/08/30 12:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ROBLOX
[2008/08/21 21:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RobloxDownloads
[2007/02/27 04:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/06/23 02:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/05/07 20:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/07/29 19:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/30 16:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/03 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/30 00:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/10 00:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/04/01 23:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/01/03 21:25:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/30 00:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/04 03:54:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011/07/29 16:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\CallingID
[2011/07/28 17:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\comcasttb
[2011/07/30 16:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\FCTB000060231
[2011/07/29 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\IObit
[2011/07/12 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\NeopleLauncherDFO
[2011/07/11 00:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\PCToolsFirewallPlus
[2011/07/29 22:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\PriceGong
[2011/07/29 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\Walgreens
[2011/07/29 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\WhiteSmoke
[2006/04/16 05:34:49 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Tech\Application Data\win32

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2006/09/15 20:09:10 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2006/09/14 22:17:59 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch\MCROSO~1) -- C:\WINDOWS\АppPatch\MCROSO~1
[2006/07/21 17:23:42 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/07/21 17:23:42 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/07/18 02:52:50 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/07/18 02:52:50 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/06/22 19:04:47 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft\M?crosoft) -- C:\WINDOWS\Mіcrosoft\Mіcrosoft
[2006/06/22 13:04:42 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/06/22 13:04:16 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/06/21 22:40:04 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
(C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8B88761
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

Edited by kotaishi, 30 July 2011 - 04:18 PM.




#2
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, kotaishi! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 3

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • Rootkit Unhooker
  • RKreport.txt

#3
kotaishi

Thanks Render, here are the logs you asked for in the order you wanted.
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-02 20:26:37
-----------------------------
20:26:37.500 OS Version: Windows 5.1.2600 Service Pack 3
20:26:37.500 Number of processors: 1 586 0x401
20:26:37.500 ComputerName: ROBINSON UserName: Tech
20:26:38.437 Initialize success
20:27:03.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:27:03.609 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
20:27:05.625 Disk 0 MBR read successfully
20:27:05.625 Disk 0 MBR scan
20:27:05.625 Disk 0 Windows XP default MBR code
20:27:05.625 Disk 0 scanning sectors +156232125
20:27:05.703 Disk 0 scanning C:\WINDOWS\system32\drivers
20:27:18.859 Service scanning
20:27:20.437 Modules scanning
20:27:29.812 Disk 0 trace - called modules:
20:27:29.828 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:27:29.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcdab8]
20:27:29.828 3 CLASSPNP.SYS[f8648fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fa8b00]
20:27:29.828 Scan finished successfully
20:28:21.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\My Documents\MBR.dat"
20:28:21.859 The log file has been saved successfully to "C:\Documents and Settings\Tech\My Documents\aswMBR.txt"

#4
kotaishi

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================

#5
kotaishi

RogueKiller V5.3.0 [08/01/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tech [Admin rights]
Mode: Scan -- Date : 08/02/2011 20:34:04

Bad processes: 0

Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

#6
Render

Hi,

Please delete your copy of OTL.exe from your desktop and do the following:

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#7
kotaishi

    Member

  • Topic Starter
  • 10 posts
OTL logfile created on: 8/2/2011 9:31:46 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Tech\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 187.77 Mb Available Physical Memory | 36.82% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.76% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 36.28 Gb Free Space | 48.70% Space Free | Partition Type: NTFS

Computer Name: ROBINSON | User Name: Tech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 21:28:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tech\My Documents\Downloads\OTL.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 21:28:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tech\My Documents\Downloads\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LXCGCustomerConnect)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 16:29:13 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/02/10 12:01:00 | 003,428,588 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/29 04:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 04:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/06/19 01:21:36 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/01/01 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 16:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 16:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 16:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [2001/08/17 14:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 57 20 8D 50 4D CC 01 [binary data]
IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-527237240-682003330-725345543-1018\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.babylo...ffID=100537&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Tech\Local Settings\Application Data\RobloxVersions\version-f93a5a6aa7924fae\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/01 03:38:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/01 20:51:53 | 000,000,000 | ---D | M]

[2011/07/30 16:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tech\Application Data\Mozilla\Extensions
[2011/08/01 23:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\wgqov97i.default\extensions
[2011/08/01 20:07:06 | 000,000,000 | ---D | M] (SocialRibbons LP2) -- C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\wgqov97i.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}
[2011/08/01 09:47:21 | 000,000,000 | ---D | M] (ShopToWin6) -- C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\wgqov97i.default\extensions\{e68d0d96-5f18-496c-87f2-c0d521d78fbe}
[2011/08/01 09:59:20 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\wgqov97i.default\extensions\[email protected]
[2011/08/01 20:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\wgqov97i.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}\chrome\content\dca\core\extensionManager
[2011/08/01 20:37:14 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\wgqov97i.default\searchplugins\iBryte_playbryte.xml
[2011/08/01 00:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/03 23:14:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/14 07:27:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/04/28 21:16:51 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TECH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGQOV97I.DEFAULT\EXTENSIONS\[email protected]
[2010/07/01 03:53:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/06 05:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\mozilla firefox\plugins\npOGPPlugin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/01/28 17:49:36 | 000,062,976 | ---- | M] (<NHN USA Inc>.) -- C:\Program Files\mozilla firefox\plugins\uc_sfighters_launching.dll
[2011/08/01 10:11:57 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/04/28 21:17:02 | 000,001,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/06/28 01:44:30 | 000,181,088 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - Reg Error: Value error. File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange 4 Pro\PDF-XChange PDF Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-682003330-725345543-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: FreshDownload - {D7EED146-8E35-46B9-B981-04FBFA077A5B} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\GameLink.dll (www.Easy2Game.com)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1154298186734 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...0.16/ttinst.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/installer.exe (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\StillImage: DllName - C:\WINDOWS\system32\k6pm0g71e6.dll - C:\WINDOWS\system32\k6pm0g71e6.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 12:04:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 20:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop\RK_Quarantine
[2011/08/02 20:22:47 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tech\Desktop\TDSSKiller.exe
[2011/08/02 18:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Phun
[2011/08/02 18:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Algodoo Phun Edition
[2011/08/02 18:24:11 | 005,537,138 | ---- | C] (Algoryx ) -- C:\Documents and Settings\Tech\Desktop\Phun_beta_5_28_win32.exe
[2011/08/02 08:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\DragonNest
[2011/08/02 08:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\New Folder
[2011/08/02 07:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\Rom
[2011/08/01 23:18:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tech\Recent
[2011/08/01 20:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\The Free YouTube Downloader
[2011/08/01 20:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\The Free YouTube Downloader
[2011/08/01 20:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\ApplicationHistory
[2011/08/01 19:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Google Chrome
[2011/08/01 10:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Babylon
[2011/08/01 10:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Babylon
[2011/08/01 10:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/08/01 09:29:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/08/01 01:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Adobe
[2011/08/01 01:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2011/07/31 05:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rumble Fighter
[2011/07/30 08:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Malwarebytes
[2011/07/30 08:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Mozilla
[2011/07/29 23:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/07/29 23:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\IObit
[2011/07/29 21:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Administrative Tools
[2011/07/29 21:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop\Back Up Folder
[2011/07/29 20:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/07/29 20:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Walgreens
[2011/07/29 20:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\lol
[2011/07/29 16:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\PriceGong
[2011/07/29 14:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\InstallShield
[2011/07/28 14:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for RelevantKnowledge
[2011/07/28 14:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\GetFunGames
[2011/07/28 13:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/07/28 13:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\WhiteSmoke
[2011/07/28 13:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\WhiteSmoke_Bar
[2011/07/28 13:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_Bar
[2011/07/28 13:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke
[2011/07/28 13:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Real
[2011/07/28 03:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\CallingID
[2011/07/28 03:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Google
[2011/07/28 03:23:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tech\PrivacIE
[2011/07/27 20:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop\Lostsaga_screenshot
[2011/07/27 19:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Conduit
[2011/07/27 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Temp
[2011/07/27 08:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Lost Saga
[2011/07/26 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\BitTorrentBar
[2011/07/26 22:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\ConduitEngine
[2011/07/26 18:05:26 | 000,000,000 | ---D | C] -- C:\gPotato
[2011/07/24 21:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\OGPlanet
[2011/07/24 21:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet
[2011/07/24 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\OGPlanet Games
[2011/07/21 11:51:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents\My Videos
[2011/07/21 11:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Roblox
[2011/07/21 11:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\RobloxVersions
[2011/07/21 11:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\RobloxDownloads
[2011/07/21 11:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Roblox
[2011/07/20 12:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\FreestylersWorld Entertainment
[2011/07/19 11:25:23 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/18 18:17:02 | 000,000,000 | ---D | C] -- C:\SG Interactive
[2011/07/15 00:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\gPotato
[2011/07/15 00:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\gpotato
[2011/07/14 14:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\PMB Files
[2011/07/14 14:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Three Rings Design
[2011/07/14 13:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Sun
[2011/07/13 11:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\alaplaya
[2011/07/12 18:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\NeopleLauncherDFO
[2011/07/12 09:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\UNL
[2011/07/12 09:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Scarlet Weather Rhapsody
[2011/07/11 01:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\WinRAR
[2011/07/11 01:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Google
[2011/07/11 01:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Adobe
[2011/07/11 01:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\Downloads
[2011/07/11 01:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Mozilla
[2011/07/11 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\PageRage
[2011/07/11 00:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\comcasttb
[2011/07/11 00:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Apple Computer
[2011/07/11 00:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Logitech
[2011/07/11 00:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\PCToolsFirewallPlus
[2011/07/11 00:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\SupportSoft
[2011/07/11 00:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Identities
[2011/07/11 00:54:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents\My Pictures
[2011/07/11 00:54:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents\My Music
[2011/07/11 00:54:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tech\IETldCache
[2011/07/11 00:53:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Tech\Application Data\Microsoft
[2011/07/11 00:53:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tech\SendTo
[2011/07/11 00:53:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tech\Application Data
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Startup
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\My Documents
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Favorites
[2011/07/11 00:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tech\Start Menu\Programs\Accessories
[2011/07/11 00:53:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tech\Cookies
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\Templates
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\PrintHood
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\NetHood
[2011/07/11 00:53:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tech\Local Settings
[2011/07/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Local Settings\Application Data\Microsoft
[2011/07/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Macromedia
[2011/07/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop
[2011/07/07 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/07/07 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/07/06 22:27:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/06/27 06:06:53 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2009/01/17 16:16:22 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 21:22:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018UA.job
[2011/08/02 20:55:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 20:44:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/02 20:43:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 20:43:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/08/02 20:43:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 20:28:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\MBR.dat
[2011/08/02 19:22:06 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018Core.job
[2011/08/02 18:24:44 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phun.lnk
[2011/08/02 18:24:14 | 005,537,138 | ---- | M] (Algoryx ) -- C:\Documents and Settings\Tech\Desktop\Phun_beta_5_28_win32.exe
[2011/08/02 08:05:14 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2011/08/02 07:12:39 | 2047,876,859 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\DragonNestSetupV05.exe
[2011/08/01 20:37:16 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\fusioncache.dat
[2011/08/01 19:19:46 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Google Chrome.lnk
[2011/08/01 19:19:46 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/01 09:19:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2011/08/01 08:40:54 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2011/08/01 03:38:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/07/31 05:06:31 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Rumble Fighter.lnk
[2011/07/30 08:45:27 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 08:11:51 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011/07/30 08:03:29 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/30 08:03:29 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/29 23:07:04 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/29 21:48:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tech\defogger_reenable
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tech\Desktop\TDSSKiller.exe
[2011/07/29 16:51:40 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/27 21:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 08:51:31 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\OGPlanet.lnk
[2011/07/27 08:51:14 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Lost Saga.lnk
[2011/07/23 17:15:57 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Play Roblox.lnk
[2011/07/23 12:26:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 12:56:04 | 000,000,031 | ---- | M] () -- C:\WINDOWS\GunzLauncher.INI
[2011/07/19 11:25:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/15 05:03:57 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/15 00:24:10 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\TalesRunner.lnk
[2011/07/11 05:41:04 | 000,472,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/11 05:41:04 | 000,084,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/11 00:54:47 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/11 00:54:43 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/02 20:28:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\MBR.dat
[2011/08/02 18:24:44 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phun.lnk
[2011/08/02 07:25:33 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2011/08/02 06:51:43 | 2047,876,859 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\DragonNestSetupV05.exe
[2011/08/01 20:37:16 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\fusioncache.dat
[2011/08/01 19:19:46 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Google Chrome.lnk
[2011/08/01 19:19:46 | 000,002,307 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/01 19:17:24 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018UA.job
[2011/08/01 19:17:23 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-682003330-725345543-1018Core.job
[2011/08/01 09:19:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2011/07/31 05:06:31 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Rumble Fighter.lnk
[2011/07/30 08:45:27 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 08:03:29 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/30 08:03:29 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/30 08:03:28 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/29 23:07:04 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/29 21:48:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tech\defogger_reenable
[2011/07/29 16:51:40 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 13:52:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/07/28 13:47:20 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/07/28 13:47:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-682003330-725345543-1018.job
[2011/07/27 08:51:14 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Lost Saga.lnk
[2011/07/24 21:30:46 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\OGPlanet.lnk
[2011/07/21 11:45:37 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Play Roblox.lnk
[2011/07/15 00:24:10 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\TalesRunner.lnk
[2011/07/11 00:54:47 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/11 00:54:47 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Internet Explorer.lnk
[2011/07/11 00:54:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tech\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/11 00:53:49 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Remote Assistance.lnk
[2011/02/21 04:43:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2011/02/05 22:31:51 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/02/05 22:31:50 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/01/17 15:45:06 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/01/17 15:44:41 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/01/17 15:44:24 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/01/03 23:12:46 | 000,001,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/04 09:08:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2010/08/17 07:52:32 | 000,001,468 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/17 07:49:39 | 000,000,318 | ---- | C] () -- C:\WINDOWS\uul°3 Ver 4.INI
[2010/08/12 12:12:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/08/12 12:12:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/07/15 03:58:08 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/05/03 02:03:12 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/03 02:03:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/03 02:03:12 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/03 02:03:11 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/01/18 21:19:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2008/09/22 04:05:14 | 001,053,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/08/31 23:17:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2008/07/20 21:45:28 | 000,000,449 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/07/20 17:18:05 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2008/05/24 18:45:18 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/02/10 03:41:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2008/01/18 22:53:29 | 000,000,872 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/01/18 22:53:29 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2008/01/18 22:51:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/21 22:05:48 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/03/29 18:46:19 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/20 14:24:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2007/02/08 18:47:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/19 16:22:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/16 15:20:54 | 000,000,053 | ---- | C] () -- C:\WINDOWS\pvqobo.dat
[2006/09/06 04:00:31 | 000,000,308 | ---- | C] () -- C:\WINDOWS\em06y.ini
[2006/08/14 23:44:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/16 06:38:19 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\dr.exe
[2006/07/16 06:37:52 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\mc-110-12-0000137.exe
[2006/06/26 16:09:36 | 000,234,117 | R-S- | C] () -- C:\WINDOWS\System32\k6pm0g71e6.dll
[2006/06/21 22:47:30 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\w016c871.ini
[2006/06/21 22:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\keyboard1.dat
[2006/06/15 06:01:48 | 000,003,858 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/06/13 22:47:53 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/06/11 04:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\taskkill.exe
[2006/05/20 09:20:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\atechloc.ini
[2006/05/20 09:20:41 | 000,000,083 | ---- | C] () -- C:\WINDOWS\atech.ini
[2006/04/21 12:15:54 | 000,002,097 | ---- | C] () -- C:\Program Files\folder.js
[2006/04/07 23:49:08 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/04/07 23:49:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/04/07 23:48:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/04/07 23:48:17 | 000,002,188 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2006/04/07 23:48:06 | 000,001,142 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2006/04/07 23:48:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/04/07 23:48:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/04/07 23:48:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\mf322def.dat
[2006/04/07 23:47:51 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsi06.BIN
[2006/03/19 12:58:24 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/09 04:49:44 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/09 04:49:35 | 000,004,340 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/03/09 04:44:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/09 04:43:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/07 12:48:05 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/03/07 12:06:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/07 12:01:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/07 03:56:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/07 03:55:13 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 13:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 13:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 12:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 12:52:00 | 000,472,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 12:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 12:51:54 | 000,084,602 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 12:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 12:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 12:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 12:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

========== LOP Check ==========

[2010/08/18 01:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/10 23:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/01 10:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/05/07 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2011/01/04 02:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/28 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2011/07/29 20:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/03/18 00:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa Lite
[2011/01/04 02:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/08/31 23:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/18 01:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/08/02 07:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/07/05 22:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2007/02/24 09:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/08/02 06:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/12 12:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/08/30 12:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ROBLOX
[2008/08/21 21:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RobloxDownloads
[2007/02/27 04:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/06/23 02:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/05/07 20:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/01 23:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/08/02 21:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/03 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/30 00:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/10 00:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/04/01 23:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/01/03 21:25:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/30 00:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/04 03:54:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011/01/23 07:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG10
[2010/07/15 15:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\CallingID
[2010/05/13 10:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\comcasttb
[2008/11/13 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\COMCASTTOOLBAR
[2011/07/13 23:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\PCToolsFirewallPlus
[2008/11/13 20:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Template
[2011/01/23 08:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\TuneUp Software
[2011/01/10 21:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/02/16 21:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lol\Application Data\ijjigame
[2010/04/23 00:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prentis Robinson\Application Data\comcasttb
[2011/08/01 10:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\Babylon
[2011/07/29 16:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\CallingID
[2011/07/28 17:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\comcasttb
[2011/08/01 03:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\IObit
[2011/07/12 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\NeopleLauncherDFO
[2011/07/11 00:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\PCToolsFirewallPlus
[2011/07/29 22:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\PriceGong
[2011/07/29 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\Walgreens
[2011/08/01 12:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tech\Application Data\WhiteSmoke
[2006/04/16 05:34:49 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Tech\Application Data\win32

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/29 22:07:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/29 22:07:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2010/08/20 15:48:24 | 002,547,712 | ---- | M] (MAIET entertainment) MD5=63948556BD2B7B70A00613D3E142EA85 -- C:\Documents and Settings\Tech\My Documents\FreestylersWorld Entertainment\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/03 23:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 03:16:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2006/09/15 20:09:10 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2006/09/14 22:17:59 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch\MCROSO~1) -- C:\WINDOWS\АppPatch\MCROSO~1
[2006/07/21 17:23:42 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/07/21 17:23:42 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/07/18 02:52:50 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/07/18 02:52:50 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/06/22 19:04:47 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft\M?crosoft) -- C:\WINDOWS\Mіcrosoft\Mіcrosoft
[2006/06/22 13:04:42 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/06/22 13:04:16 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/06/21 22:40:04 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
(C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8B88761
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

#8
kotaishi

OTL Extras logfile created on: 8/2/2011 9:31:46 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Tech\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 187.77 Mb Available Physical Memory | 36.82% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.76% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 36.28 Gb Free Space | 48.70% Space Free | Partition Type: NTFS

Computer Name: ROBINSON | User Name: Tech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-527237240-682003330-725345543-1018\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"56907:TCP" = 56907:TCP:*:Enabled:Pando Media Booster
"56907:UDP" = 56907:UDP:*:Enabled:Pando Media Booster
"56791:TCP" = 56791:TCP:*:Enabled:Pando Media Booster
"56791:UDP" = 56791:UDP:*:Enabled:Pando Media Booster
"57919:TCP" = 57919:TCP:*:Enabled:Pando Media Booster
"57919:UDP" = 57919:UDP:*:Enabled:Pando Media Booster
"57078:TCP" = 57078:TCP:*:Enabled:Pando Media Booster
"57078:UDP" = 57078:UDP:*:Enabled:Pando Media Booster
"57628:TCP" = 57628:TCP:*:Enabled:Pando Media Booster
"57628:UDP" = 57628:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"2646:TCP" = 2646:TCP:*:Disabled:SolidNetworkManager
"2646:UDP" = 2646:UDP:*:Disabled:SolidNetworkManager
"56890:TCP" = 56890:TCP:*:Disabled:SolidNetworkManager
"56890:UDP" = 56890:UDP:*:Disabled:SolidNetworkManager
"57014:TCP" = 57014:TCP:*:Enabled:Pando Media Booster
"57014:UDP" = 57014:UDP:*:Enabled:Pando Media Booster
"56603:TCP" = 56603:TCP:*:Enabled:Pando Media Booster
"56603:UDP" = 56603:UDP:*:Enabled:Pando Media Booster
"56798:TCP" = 56798:TCP:*:Enabled:Pando Media Booster
"56798:UDP" = 56798:UDP:*:Enabled:Pando Media Booster
"57960:TCP" = 57960:TCP:*:Enabled:Pando Media Booster
"57960:UDP" = 57960:UDP:*:Enabled:Pando Media Booster
"56907:TCP" = 56907:TCP:*:Enabled:Pando Media Booster
"56907:UDP" = 56907:UDP:*:Enabled:Pando Media Booster
"8500:TCP" = 8500:TCP:*:Enabled:HockeyDash
"13000:UDP" = 13000:UDP:*:Enabled:HockeyDash
"56791:TCP" = 56791:TCP:*:Enabled:Pando Media Booster
"56791:UDP" = 56791:UDP:*:Enabled:Pando Media Booster
"57919:TCP" = 57919:TCP:*:Enabled:Pando Media Booster
"57919:UDP" = 57919:UDP:*:Enabled:Pando Media Booster
"57078:TCP" = 57078:TCP:*:Enabled:Pando Media Booster
"57078:UDP" = 57078:UDP:*:Enabled:Pando Media Booster
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"57628:TCP" = 57628:TCP:*:Enabled:Pando Media Booster
"57628:UDP" = 57628:UDP:*:Enabled:Pando Media Booster
"1032:TCP" = 1032:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1141893854\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1141893854\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Documents and Settings\Tech~\My Documents\Downloads\Conquer_v5287_P2P.exe" = C:\Documents and Settings\Tech~\My Documents\Downloads\Conquer_v5287_P2P.exe:*:Enabled:Conquer_v5287_P2P.exe
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1141893854\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1141893854\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1141893854\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1141893854\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Gameforge4D\AirRivals\Launcher.atm" = C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
"C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe" = C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"C:\Program Files\Persona\Persona.exe" = C:\Program Files\Persona\Persona.exe:*:Enabled:Persona -- (CDNetworks Co.,Ltd)
"C:\Documents and Settings\Tech~\My Documents\GrandChase\Grand Chase\main.exe" = C:\Documents and Settings\Tech~\My Documents\GrandChase\Grand Chase\main.exe:*:Enabled:GrandChase
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Documents and Settings\Tech~\My Documents\Downloads\Conquer_v5287_P2P.exe" = C:\Documents and Settings\Tech~\My Documents\Downloads\Conquer_v5287_P2P.exe:*:Enabled:Conquer_v5287_P2P.exe
"C:\WINDOWS\Temp\~os1D7.tmp\pmropn.exe" = C:\WINDOWS\Temp\~os1D7.tmp\pmropn.exe:*:Enabled:pmropn.exe
"C:\Documents and Settings\Tech~\Local Settings\Temp\~osE807.tmp\pmropn.exe" = C:\Documents and Settings\Tech~\Local Settings\Temp\~osE807.tmp\pmropn.exe:*:Enabled:pmropn.exe
"C:\Program Files\REACTOR\ijjiOptimizer.exe" = C:\Program Files\REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\OGPlanet\LostSaga\autoupgrade.exe" = C:\Program Files\OGPlanet\LostSaga\autoupgrade.exe:*:Enabled:LostSaga(upgrade) -- (IO Entertainment Co., Ltd.)
"C:\Program Files\OGPlanet\LostSaga\lostsaga.exe" = C:\Program Files\OGPlanet\LostSaga\lostsaga.exe:*:Enabled:LostSaga(client) -- (IO Entertainment Co., Ltd.)
"C:\Ntreev\Grand Chase\main.exe" = C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase
"C:\Program Files\Kamuse\kcsDownloadV3Tray\KCSDownloadV3Tray.exe" = C:\Program Files\Kamuse\kcsDownloadV3Tray\KCSDownloadV3Tray.exe:*:Enabled:KCSDownloadEngine -- (Kamuse, Incorporated)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Common Files\AOL\1141893854\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1141893854\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Nexon\DragonNest\DragonNest.exe" = C:\Nexon\DragonNest\DragonNest.exe:*:Enabled:Dragon Nest -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9FCB2876-554D-491D-A2CD-58F8252D6C64}" = Ink
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = “Œ•û”ê‘z“V Ver1.06
"Active XL Report_is1" = Active XL Report 4.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"Akamai" = Akamai NetSession Interface
"Amazing Photo Editor V5.6" = Amazing Photo Editor V5.6
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"comcasttb" = Comcast Toolbar 3.0
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"Desktop Weather by The Weather Channel" = Desktop Weather by The Weather Channel
"DragonNest" = DragonNest
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LostSagaUS" = Lost Saga
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"PageRage Toolbar" = PageRage Toolbar
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"PDF-XChange 4 Pro_is1" = PDF-XChange 4 Pro
"Persona" = Hybrid Downloader 1,0,2,6
"Phun_is1" = Algodoo Phun edition v5.28
"PROSet" = Intel® PRO Network Adapters and Drivers
"PunkBusterSvc" = PunkBuster Services
"Ragnarok Online" = Ragnarok Online
"RumbleFighter" = Rumble Fighter
"Setup Support for RelevantKnowledge" = Setup Support for RelevantKnowledge 1.0
"SystemRequirementsLab" = System Requirements Lab
"The Free YouTube Downloader" = The Free YouTube Downloader
"Trojan Remover_is1" = Trojan Remover 6.8.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527237240-682003330-725345543-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Tech
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2011 12:28:22 AM | Computer Name = ROBINSON | Source = IMFservice | ID = 0
Description =

Error - 7/30/2011 12:28:23 AM | Computer Name = ROBINSON | Source = IMFservice | ID = 0
Description =

Error - 7/30/2011 8:25:45 AM | Computer Name = ROBINSON | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/1/2011 12:33:48 AM | Computer Name = ROBINSON | Source = Application Error | ID = 1000
Description = Faulting application rumblefighter.exe, version 0.9.0.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 8/1/2011 3:20:14 AM | Computer Name = ROBINSON | Source = Application Error | ID = 1000
Description = Faulting application rumblefighter.exe, version 0.9.0.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 8/1/2011 8:08:25 AM | Computer Name = ROBINSON | Source = Application Error | ID = 1000
Description = Faulting application rumblefighter.exe, version 0.9.0.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 8/1/2011 8:41:17 AM | Computer Name = ROBINSON | Source = Application on Demand - GPlayer | ID = 0
Description =

Error - 8/1/2011 1:41:19 PM | Computer Name = ROBINSON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 8/1/2011 10:52:08 PM | Computer Name = ROBINSON | Source = Application Error | ID = 1000
Description = Faulting application rumblefighter.exe, version 0.9.0.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2011 1:04:54 AM | Computer Name = ROBINSON | Source = Application Error | ID = 1000
Description = Faulting application rumblefighter.exe, version 0.9.0.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 8/1/2011 8:21:32 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 8/1/2011 8:21:32 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The LXCGCustomerConnect service failed to start due to the following
error: %%2

Error - 8/1/2011 8:24:56 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 8/1/2011 8:24:56 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The LXCGCustomerConnect service failed to start due to the following
error: %%2

Error - 8/2/2011 6:14:12 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 8/2/2011 6:14:12 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The LXCGCustomerConnect service failed to start due to the following
error: %%2

Error - 8/2/2011 8:19:40 PM | Computer Name = ROBINSON | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.

Error - 8/2/2011 8:43:42 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 8/2/2011 8:43:42 PM | Computer Name = ROBINSON | Source = Service Control Manager | ID = 7000
Description = The LXCGCustomerConnect service failed to start due to the following
error: %%2

Error - 8/2/2011 8:43:45 PM | Computer Name = ROBINSON | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer PDF-XChange 4.0 share name
Printer.


< End of report >

#9
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

What antivirus program are you using?

Please follow the steps below:

Step 1

Please uninstall the following programs:

  • IObit Malware Fighter
  • Conduit Engine
  • Viewpoint Media Player
  • WhiteSmoke Bar Toolbar
  • BitTorrentBar Toolbar
  • PageRage Toolbar


How to uninstall a program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

Step 2

We need to run an OTL Fix

  • Please right click on the OTL icon on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
    DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
    IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    [2010/12/14 07:27:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/04/28 21:16:51 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2010/04/28 21:17:02 | 000,001,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
    O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-527237240-682003330-725345543-1018\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
    O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - File not found
    O20 - Winlogon\Notify\StillImage: DllName - C:\WINDOWS\system32\k6pm0g71e6.dll - C:\WINDOWS\system32\k6pm0g71e6.dll ()
    
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • MBAM log
  • OTL scan log

  • 0
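An added example, not part of the post above and not OTL's own code: a small Python triage pass over log lines in the format used in the Step 2 fix script. The two review criteria (a blank company field, and entries whose target is reported missing) are assumptions chosen for illustration, not the helper's stated reasoning; the sample lines are copied from the fix script above.

```python
import re

# Sample lines copied from the Step 2 fix script in this thread.
SAMPLE = r"""
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - File not found
O20 - Winlogon\Notify\StillImage: DllName - C:\WINDOWS\system32\k6pm0g71e6.dll - C:\WINDOWS\system32\k6pm0g71e6.dll ()
"""

# PRC/SRV/DRV lines: "[metadata] (Company) ... -- path [-- (service name)]"
FILE_LINE = re.compile(
    r"^(PRC|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\).*? -- "
    r"(?P<path>[A-Za-z]:\\.+?)(?: -- \((?P<name>.*)\))?$")
# O-numbered lines end in "path (Company)" when the target file exists.
TAIL = re.compile(r"(?P<path>[A-Za-z]:\\.*?) \((?P<company>[^()]*)\)$")
# Assumption: these trailing strings mark a registry entry whose target is gone.
ORPHAN_MARKERS = {"No CLSID value found.", "File not found"}


def triage(report):
    """Return (kind, path_or_None, reason) for entries worth a manual look."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            if not m["company"].strip():
                findings.append((m[1], m["path"], "no company name"))
            continue
        if not re.match(r"O\d+ - ", line):
            continue  # not an entry type this sketch understands
        kind = line.split(" - ", 1)[0]
        tail = line.rpartition(" - ")[2]
        if tail in ORPHAN_MARKERS:
            findings.append((kind, None, "orphaned entry: " + tail))
            continue
        t = TAIL.search(tail)
        if t and not t["company"].strip():
            findings.append((kind, t["path"], "no company name"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A hit is a prompt for manual review, not a verdict: the blank-company driver flagged here sits in the IObit install folder, so the path matters as much as the missing publisher.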

#10
kotaishi

    Member

  • Topic Starter
  • Member
  • 10 posts
Hey, thanks for the help so far. With the items you told me to uninstall, I uninstalled IObit and Viewpoint. I clicked remove with the toolbars but they remained on my add/remove programs list. Were they fully deleted? And I'm using PC Tools Firewall Plus.

Edited by kotaishi, 03 August 2011 - 05:59 PM.


#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. We will deal with toolbars later. Please proceed with steps 2, 3 and 4.

And im using pc tools firewall plus.

I know that. But how about an antivirus programme?

#12
kotaishi

    Member

  • Topic Starter
  • Member
  • 10 posts
I don't think I have any. Do you have anything that you would recommend?

#13
kotaishi

    Member

  • Topic Starter
  • Member
  • 10 posts
Also, OTL froze as soon as it began, which was around an hour ago. Should I restart it?

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No, please proceed with steps 3 and 4.

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.