
I got the zlob and it won't go away!


  • This topic is locked

#1 Stinky1527 (Member, 12 posts)
I have had the worst time trying to get rid of this stupid zlob.
I have used ComboFix, Malwarebytes, AVG, PC Tools; this thing is in my memory and AVG can fix the zlob but not the zlob in the memory. It redirects if I don't know the exact website, and even if I do know the website, if I click on anything it starts opening windows with some strange writing I can't understand. Please HELP, I don't want to pay for something that can't fix it, and I don't know what else to do.
  • 0


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, I will need to take a peek at your system before I can assist.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • 0

#3 Stinky1527 (Topic Starter, Member, 12 posts)
OTL is not working. When I set up my account I tried it all the ways and it does absolutely nothing. The Avast scan is working; I will post when complete. P.S. Thank you for your help.

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-02 17:01:47
-----------------------------
17:01:47.875 OS Version: Windows 5.1.2600 Service Pack 3
17:01:47.875 Number of processors: 2 586 0x1C02
17:01:47.875 ComputerName: MINI UserName:
17:01:50.750 Initialize success
17:03:46.203 AVAST engine defs: 11080200
17:04:04.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
17:04:04.265 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
17:04:04.281 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#4&13b7eae7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
17:04:04.281 Device \Driver\iaStor -> DriverStartIo 866beaea
17:04:04.328 Disk 0 MBR read successfully
17:04:04.343 Disk 0 MBR scan
17:04:04.453 Disk 0 Windows VISTA default MBR code
17:04:04.468 Disk 0 scanning sectors +312578048
17:04:04.625 Disk 0 scanning C:\WINDOWS\system32\drivers
17:04:24.000 File: C:\WINDOWS\system32\drivers\isapnp.sys **INFECTED** Win32:Alureon-FZ
17:04:40.640 Service scanning
17:04:42.875 Modules scanning
17:04:50.109 Disk 0 trace - called modules:
17:04:50.156 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x866beec5]<<
17:04:50.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d7fab8]
17:04:50.187 3 CLASSPNP.SYS[f7600fd7] -> nt!IofCallDriver -> [0x867713f8]
17:04:50.218 5 PCTCore.sys[f736b6a9] -> nt!IofCallDriver -> \Device\00000074[0x867c5030]
17:04:50.234 7 ACPI.sys[f7567620] -> nt!IofCallDriver -> [0x86772030]
17:04:50.250 [0x85d4dd38] -> IRP_MJ_CREATE -> 0x866beec5
17:04:52.000 AVAST engine scan C:\WINDOWS
17:05:20.312 AVAST engine scan C:\WINDOWS\system32
17:10:49.406 AVAST engine scan C:\WINDOWS\system32\drivers
17:11:03.203 File: C:\WINDOWS\system32\drivers\isapnp.sys **INFECTED** Win32:Alureon-FZ
17:11:19.390 AVAST engine scan C:\Documents and Settings\Sara Pitcher
17:13:33.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sara Pitcher\Desktop\MBR.dat"
17:13:33.406 The log file has been saved successfully to "C:\Documents and Settings\Sara Pitcher\Desktop\aswMBR.txt"

Edited by Stinky1527, 02 August 2011 - 02:54 PM.

  • 0

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, that has shown me the infected file and I now know what tool to use. Once TDSSKiller has run, could you retry OTL please?

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#5 Stinky1527 (Topic Starter, Member, 12 posts)
OTL is still not responding, but here is the TDSSKiller log. Also, it is trying to update me for Windows; it's got that yellow shield. Is that shady?

2011/08/02 17:27:06.0578 4376 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 17:27:08.0609 4376 ================================================================================
2011/08/02 17:27:08.0609 4376 SystemInfo:
2011/08/02 17:27:08.0609 4376
2011/08/02 17:27:08.0609 4376 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/02 17:27:08.0609 4376 Product type: Workstation
2011/08/02 17:27:08.0609 4376 ComputerName: MINI
2011/08/02 17:27:08.0609 4376 UserName: Sara Pitcher
2011/08/02 17:27:08.0609 4376 Windows directory: C:\WINDOWS
2011/08/02 17:27:08.0609 4376 System windows directory: C:\WINDOWS
2011/08/02 17:27:08.0609 4376 Processor architecture: Intel x86
2011/08/02 17:27:08.0609 4376 Number of processors: 2
2011/08/02 17:27:08.0609 4376 Page size: 0x1000
2011/08/02 17:27:08.0609 4376 Boot type: Normal boot
2011/08/02 17:27:08.0609 4376 ================================================================================
2011/08/02 17:27:10.0109 4376 Initialize success
2011/08/02 17:27:24.0328 4468 ================================================================================
2011/08/02 17:27:24.0328 4468 Scan started
2011/08/02 17:27:24.0328 4468 Mode: Manual;
2011/08/02 17:27:24.0328 4468 ================================================================================
2011/08/02 17:27:25.0062 4468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/02 17:27:25.0140 4468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/02 17:27:25.0187 4468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/02 17:27:25.0296 4468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/02 17:27:25.0406 4468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/02 17:27:25.0515 4468 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/08/02 17:27:25.0578 4468 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/02 17:27:25.0640 4468 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/02 17:27:25.0718 4468 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/02 17:27:25.0765 4468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/02 17:27:25.0812 4468 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/02 17:27:25.0984 4468 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/02 17:27:26.0031 4468 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/02 17:27:26.0203 4468 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/02 17:27:26.0375 4468 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/02 17:27:26.0453 4468 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/02 17:27:26.0640 4468 AR5416 (2b7b6a3305fc34a543d34013c14d02a2) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/08/02 17:27:26.0859 4468 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/02 17:27:26.0937 4468 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/02 17:27:26.0984 4468 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/02 17:27:27.0156 4468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/02 17:27:27.0234 4468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/02 17:27:27.0375 4468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/02 17:27:27.0484 4468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/02 17:27:27.0562 4468 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/08/02 17:27:27.0609 4468 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/08/02 17:27:27.0796 4468 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/02 17:27:27.0890 4468 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/02 17:27:27.0984 4468 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/02 17:27:28.0062 4468 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/02 17:27:28.0421 4468 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/08/02 17:27:28.0609 4468 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/02 17:27:28.0718 4468 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/02 17:27:28.0828 4468 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/02 17:27:28.0906 4468 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/02 17:27:28.0984 4468 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/02 17:27:29.0093 4468 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/02 17:27:29.0218 4468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/02 17:27:29.0640 4468 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/02 17:27:29.0687 4468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/02 17:27:29.0750 4468 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/02 17:27:29.0828 4468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/02 17:27:29.0906 4468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/02 17:27:29.0968 4468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/02 17:27:30.0062 4468 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\drivers\Cdrom.sys
2011/08/02 17:27:30.0203 4468 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/02 17:27:30.0343 4468 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/02 17:27:30.0437 4468 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/02 17:27:30.0546 4468 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/02 17:27:30.0593 4468 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/02 17:27:30.0687 4468 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/02 17:27:30.0765 4468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/02 17:27:30.0859 4468 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/08/02 17:27:31.0015 4468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/02 17:27:31.0125 4468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/02 17:27:31.0250 4468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/02 17:27:31.0328 4468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/02 17:27:31.0406 4468 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/02 17:27:31.0687 4468 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/08/02 17:27:31.0937 4468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/02 17:27:32.0296 4468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/02 17:27:32.0437 4468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/02 17:27:32.0500 4468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/02 17:27:32.0546 4468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/02 17:27:32.0640 4468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/02 17:27:32.0718 4468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/02 17:27:32.0781 4468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/02 17:27:32.0890 4468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/02 17:27:32.0968 4468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/02 17:27:33.0031 4468 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/02 17:27:33.0156 4468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/02 17:27:33.0250 4468 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/02 17:27:33.0343 4468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/02 17:27:33.0437 4468 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/02 17:27:33.0468 4468 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/02 17:27:33.0593 4468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/02 17:27:33.0984 4468 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/02 17:27:34.0375 4468 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2011/08/02 17:27:34.0500 4468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2011/08/02 17:27:34.0593 4468 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/02 17:27:34.0953 4468 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/02 17:27:35.0265 4468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/02 17:27:35.0359 4468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/02 17:27:35.0437 4468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/02 17:27:35.0562 4468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/02 17:27:35.0625 4468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/02 17:27:35.0671 4468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/02 17:27:35.0750 4468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/02 17:27:35.0796 4468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/02 17:27:35.0953 4468 isapnp (d2a7167cce5b5c2a30f9c89409ae70a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/02 17:27:35.0953 4468 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: d2a7167cce5b5c2a30f9c89409ae70a0, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7
2011/08/02 17:27:35.0968 4468 isapnp - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/02 17:27:36.0062 4468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/02 17:27:36.0125 4468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/02 17:27:36.0171 4468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/02 17:27:36.0281 4468 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/08/02 17:27:36.0562 4468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/02 17:27:36.0718 4468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/02 17:27:36.0937 4468 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/02 17:27:37.0171 4468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/02 17:27:37.0265 4468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/02 17:27:37.0359 4468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/02 17:27:37.0453 4468 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/02 17:27:37.0515 4468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/02 17:27:37.0718 4468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/02 17:27:37.0875 4468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/02 17:27:37.0937 4468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/02 17:27:38.0015 4468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/02 17:27:38.0078 4468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/02 17:27:38.0156 4468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/02 17:27:38.0234 4468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/02 17:27:38.0281 4468 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/02 17:27:38.0406 4468 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/02 17:27:38.0484 4468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/02 17:27:38.0531 4468 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/02 17:27:38.0687 4468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/02 17:27:38.0796 4468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/02 17:27:38.0843 4468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/02 17:27:38.0906 4468 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/02 17:27:38.0984 4468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/02 17:27:39.0046 4468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/02 17:27:39.0281 4468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/02 17:27:39.0375 4468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/02 17:27:39.0546 4468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/02 17:27:39.0609 4468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/02 17:27:39.0671 4468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/02 17:27:39.0921 4468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/02 17:27:39.0984 4468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/02 17:27:40.0046 4468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/02 17:27:40.0125 4468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/02 17:27:40.0218 4468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/02 17:27:40.0312 4468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/02 17:27:40.0468 4468 PCTCore (ccbbf4ddf14e779c2a63a1ca140663b3) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/08/02 17:27:40.0562 4468 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2011/08/02 17:27:40.0671 4468 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
2011/08/02 17:27:40.0796 4468 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\WINDOWS\system32\Drivers\PCTSD.sys
2011/08/02 17:27:41.0031 4468 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/02 17:27:41.0078 4468 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/02 17:27:41.0265 4468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/02 17:27:41.0328 4468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/02 17:27:41.0375 4468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/02 17:27:41.0453 4468 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/02 17:27:41.0515 4468 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/02 17:27:41.0593 4468 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/02 17:27:41.0671 4468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/02 17:27:41.0703 4468 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/02 17:27:41.0843 4468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/02 17:27:41.0921 4468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/02 17:27:41.0984 4468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/02 17:27:42.0031 4468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/02 17:27:42.0140 4468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/02 17:27:42.0203 4468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/02 17:27:42.0359 4468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/02 17:27:42.0484 4468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/02 17:27:42.0921 4468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/02 17:27:43.0000 4468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/02 17:27:43.0125 4468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/02 17:27:43.0390 4468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/02 17:27:43.0468 4468 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/02 17:27:43.0671 4468 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/08/02 17:27:43.0906 4468 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/02 17:27:44.0031 4468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/02 17:27:44.0140 4468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/02 17:27:44.0234 4468 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/02 17:27:44.0390 4468 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/02 17:27:44.0500 4468 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/02 17:27:44.0609 4468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/02 17:27:44.0687 4468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/02 17:27:44.0828 4468 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/02 17:27:44.0937 4468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/02 17:27:44.0984 4468 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/02 17:27:45.0046 4468 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/02 17:27:45.0187 4468 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/02 17:27:45.0250 4468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/02 17:27:45.0390 4468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/02 17:27:45.0468 4468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/02 17:27:45.0562 4468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/02 17:27:45.0625 4468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/02 17:27:45.0750 4468 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/02 17:27:45.0843 4468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/02 17:27:45.0906 4468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/02 17:27:45.0984 4468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/02 17:27:46.0187 4468 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/02 17:27:46.0343 4468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/02 17:27:46.0515 4468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/02 17:27:46.0578 4468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/02 17:27:46.0718 4468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/02 17:27:46.0796 4468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/02 17:27:46.0875 4468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/02 17:27:47.0078 4468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/02 17:27:47.0156 4468 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/02 17:27:47.0218 4468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/02 17:27:47.0281 4468 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/02 17:27:47.0359 4468 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/02 17:27:47.0437 4468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/02 17:27:47.0546 4468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/02 17:27:47.0609 4468 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/02 17:27:47.0765 4468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/02 17:27:47.0937 4468 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/02 17:27:48.0046 4468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/02 17:27:48.0140 4468 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/02 17:27:48.0312 4468 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/02 17:27:48.0390 4468 Boot (0x1200) (bf17c2174ab9a833c4231f4595154612) \Device\Harddisk0\DR0\Partition0
2011/08/02 17:27:48.0406 4468 ================================================================================
2011/08/02 17:27:48.0406 4468 Scan finished
2011/08/02 17:27:48.0406 4468 ================================================================================
2011/08/02 17:27:48.0468 4212 Detected object count: 1
2011/08/02 17:27:48.0468 4212 Actual detected object count: 1
2011/08/02 17:28:00.0359 4212 isapnp (d2a7167cce5b5c2a30f9c89409ae70a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/02 17:28:00.0375 4212 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: d2a7167cce5b5c2a30f9c89409ae70a0, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7
2011/08/02 17:28:02.0015 4212 Backup copy found, using it..
2011/08/02 17:28:02.0062 4212 C:\WINDOWS\system32\DRIVERS\isapnp.sys - will be cured after reboot
2011/08/02 17:28:02.0062 4212 Rootkit.Win32.TDSS.tdl3(isapnp) - User select action: Cure
2011/08/02 17:28:40.0203 5320 Deinitialize success

Edited by Stinky1527, 02 August 2011 - 03:26 PM.

  • 0
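The two logs posted above agree on the same driver: aswMBR flags isapnp.sys as infected and shows an unattributed code address in the disk I/O call trace, and TDSSKiller reports a "Forged" file whose real and fake MD5 values differ, a sign that something is intercepting normal reads of that file. The Python script below is an added example, not part of this thread and not code from either tool. It parses lines modelled on the posted output, pulls out those indicators, and correlates them by file name so a defender reviewing such logs can see when independent tools point at the same file. The sample lines are constructed for the example; the hashes and the address are copied from the posted logs.

```python
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the aswMBR and TDSSKiller output posted
# in this thread; the hashes and addresses are copied from the posted logs.
ASWMBR_SAMPLE = r"""
17:04:04.328 Disk 0 MBR read successfully
17:04:24.000 File: C:\WINDOWS\system32\drivers\isapnp.sys **INFECTED** Win32:Alureon-FZ
17:04:50.156 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x866beec5]<<
17:04:52.000 AVAST engine scan C:\WINDOWS
""".strip()

TDSS_SAMPLE = r"""
2011/08/02 17:27:35.0953 4468 isapnp (d2a7167cce5b5c2a30f9c89409ae70a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/02 17:27:35.0953 4468 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: d2a7167cce5b5c2a30f9c89409ae70a0, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7
2011/08/02 17:27:35.0968 4468 isapnp - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/02 17:27:36.0062 4468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
""".strip()


@dataclass
class Finding:
    source: str   # tool that produced the line
    kind: str     # infected | unknown_hook | forged_hash | rootkit_detected
    subject: str  # file path (or module address for unknown_hook)
    detail: str   # signature name or the real/fake MD5 pair


# aswMBR: a file flagged by the AV engine, and an unattributed address in the disk I/O call trace
ASWMBR_INFECTED = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>\S+)")
ASWMBR_UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")

# TDSSKiller: normal driver listing, a forged-hash warning, and a detection verdict
TDSS_DRIVER = re.compile(r"^\S+ \S+ \d+ (?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
TDSS_DETECTED = re.compile(r"^\S+ \S+ \d+ (?P<svc>\S+) - detected (?P<sig>\S+)")


def parse_aswmbr(text):
    """Return Findings for INFECTED files and UNKNOWN trace entries in an aswMBR log."""
    findings = []
    for line in text.splitlines():
        m = ASWMBR_INFECTED.search(line)
        if m:
            findings.append(Finding("aswMBR", "infected", m["path"], m["sig"]))
            continue
        m = ASWMBR_UNKNOWN.search(line)
        if m:
            findings.append(Finding("aswMBR", "unknown_hook", m["addr"],
                                    "code in the disk I/O path not attributed to any loaded module"))
    return findings


def parse_tdsskiller(text):
    """Return Findings for forged hashes and detections in a TDSSKiller log.

    Detection lines name the service, not the file, so the driver listing
    that precedes them is used to map the service name back to its path.
    """
    findings = []
    service_paths = {}
    for line in text.splitlines():
        m = TDSS_FORGED.search(line)
        if m:
            # Only a real/fake mismatch is evidence; identical values would be noise.
            if m["real"] != m["fake"]:
                findings.append(Finding("TDSSKiller", "forged_hash", m["path"],
                                        f"real={m['real']} fake={m['fake']}"))
            continue
        m = TDSS_DETECTED.match(line)
        if m:
            path = service_paths.get(m["svc"], m["svc"])
            findings.append(Finding("TDSSKiller", "rootkit_detected", path, m["sig"]))
            continue
        m = TDSS_DRIVER.match(line)
        if m:
            service_paths[m["svc"]] = m["path"]
    return findings


def correlate(findings):
    """Group finding kinds by file name so agreement between tools is visible."""
    by_file = {}
    for f in findings:
        name = f.subject.rsplit("\\", 1)[-1].lower()
        by_file.setdefault(name, set()).add(f.kind)
    return by_file


if __name__ == "__main__":
    all_findings = parse_aswmbr(ASWMBR_SAMPLE) + parse_tdsskiller(TDSS_SAMPLE)
    for f in all_findings:
        print(f"[{f.source}] {f.kind}: {f.subject} ({f.detail})")
    for name, kinds in correlate(all_findings).items():
        print(f"{name}: {', '.join(sorted(kinds))}")
```

Run on the constructed samples, `correlate` reports isapnp.sys with all three kinds (infected, forged_hash, rootkit_detected) and the unknown address on its own; kbdclass.sys, which only appears in the normal driver listing, produces no finding. The forged-hash check deliberately ignores a line whose real and fake values match, since only the mismatch is evidence.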

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's try OTL's brother. No, it is legit; Windows can now get to the update page.

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:

    Reg - Disabled MS Config Items
    Reg - Drivers32
    Reg - NetSvcs
    Reg - SafeBoot Minimal
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check

  • Under the Custom Scan box paste this in
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.
Please attach the log in your next post.
  • 0
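OTS writes each process, service and driver as `name -> path -> [modified | size | attrs | M] (company)`, which is the shape of the log posted next. As an added example, not part of this thread or of OldTimer's tool, here is a parser for those lines together with the first triage checks a helper reading such a log applies: entries whose file is missing, whose version info names no publisher, or which run from outside the Windows and Program Files trees. The sample log is constructed for the example and its paths are illustrative only.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout OTS uses for its "Safe List" sections.
# Paths, timestamps and companies are illustrative, not indicators of anything.
SAMPLE_LOG = r"""[Processes - Safe List]
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
avgidsmonitor.exe -> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe -> [2011/02/10 07:55:18 | 001,148,256 | ---- | M] ()
[Win32 Services - Safe List]
(helpsvc) Help and Support [Auto | Stopped] ->  -> File not found
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/08/02 13:19:00 | 000,269,480 | ---- | M] (Avira GmbH)
[Driver Services - Safe List]
(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\snp2uvc.sys -> [2007/10/01 17:59:46 | 001,769,984 | ---- | M] ()
(Avgtdix) AVG TDI Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgtdix.sys -> [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o. )
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
# "[date | size | attrs | M] (company)" as OTS prints it after the path.
DETAIL_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| (?P<flag>\w)\] \((?P<company>[^)]*)\)$"
)
# Locations a process or driver is normally expected to load from.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    found: bool
    modified: Optional[str] = None
    size: Optional[int] = None
    company: Optional[str] = None


def parse_ots(text: str) -> List[Entry]:
    """Turn OTS 'Safe List' lines into Entry records; headers and blank lines are skipped."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        parts = [p.strip() for p in line.split(" -> ")]
        if len(parts) != 3:
            continue  # registry sections use other layouts; not handled here
        name, path, detail = parts
        if detail == "File not found":
            entries.append(Entry(section, name, path, found=False))
            continue
        d = DETAIL_RE.match(detail)
        if not d:
            continue
        entries.append(Entry(
            section, name, path, found=True,
            modified=d.group("date"),
            size=int(d.group("size").replace(",", "")),
            company=d.group("company").strip(),
        ))
    return entries


def triage(entry: Entry) -> List[str]:
    """Reasons a helper reading the log would look twice at this entry."""
    reasons: List[str] = []
    if not entry.found:
        return ["file missing"]  # orphaned service or driver registration
    if not entry.company:
        reasons.append("no publisher in version info")
    if not entry.path.lower().startswith(TRUSTED_ROOTS):
        reasons.append("outside Windows/Program Files")
    return reasons


def suspicious(text: str) -> Dict[str, List[str]]:
    """Map entry name -> triage reasons for every entry that has at least one."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_ots(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```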

#7
Stinky1527

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTS was successful:


OTS logfile created on: 8/2/2011 5:57:46 PM - Run 1
OTS by OldTimer - Version 3.1.44.0     Folder = C:\Documents and Settings\Sara Pitcher\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 96.98 Gb Free Space | 68.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MINI
Current User Name: Sara Pitcher
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.com -> C:\Documents and Settings\Sara Pitcher\My Documents\Downloads\OTS.com -> [2011/08/02 17:54:36 | 000,645,120 | ---- | M] (OldTimer Tools)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/08/02 13:19:00 | 000,269,480 | ---- | M] (Avira GmbH)
pctsgui.exe -> C:\Program Files\PC Tools Security\pctsGui.exe -> [2011/07/07 11:39:10 | 001,600,984 | ---- | M] (PC Tools)
fguard.exe -> C:\Program Files\PC Tools Security\BDT\FGuard.exe -> [2011/07/01 15:36:48 | 000,247,760 | ---- | M] (Threat Expert Ltd.)
bdtupdateservice.exe -> C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -> [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.)
avshadow.exe -> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe -> [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH)
avgtray.exe -> C:\Program Files\AVG\AVG10\avgtray.exe -> [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgidsagent.exe -> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -> [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
avgnsx.exe -> C:\Program Files\AVG\AVG10\avgnsx.exe -> [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.)
pctssvc.exe -> C:\Program Files\PC Tools Security\pctsSvc.exe -> [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools)
avgcsrvx.exe -> C:\Program Files\AVG\AVG10\avgcsrvx.exe -> [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemcx.exe -> C:\Program Files\AVG\AVG10\avgemcx.exe -> [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgchsvx.exe -> C:\Program Files\AVG\AVG10\avgchsvx.exe -> [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgfws.exe -> C:\Program Files\AVG\AVG10\avgfws.exe -> [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.)
pctsauxs.exe -> C:\Program Files\PC Tools Security\pctsAuxs.exe -> [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools)
avgidsmonitor.exe -> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe -> [2011/02/10 07:55:18 | 001,148,256 | ---- | M] ()
avgwdsvc.exe -> C:\Program Files\AVG\AVG10\avgwdsvc.exe -> [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG10\avgrsx.exe -> [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgam.exe -> C:\Program Files\AVG\AVG10\avgam.exe -> [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
acervcm.exe -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe -> [2009/02/11 18:46:28 | 000,565,248 | ---- | M] (Acer Incorporated)
rs_service.exe -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated)
lmanager.exe -> C:\Program Files\Launch Manager\LManager.exe -> [2008/12/30 03:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.)
iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation)
iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.com -> C:\Documents and Settings\Sara Pitcher\My Documents\Downloads\OTS.com -> [2011/08/02 17:54:36 | 000,645,120 | ---- | M] (OldTimer Tools)
smum32.dll -> C:\Program Files\PC Tools Security\smum32.dll -> [2010/12/15 10:06:52 | 000,159,304 | ---- | M] (PC Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/14 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(helpsvc) Help and Support [Auto | Stopped] ->  -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] ->  -> File not found
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/08/02 13:19:00 | 000,269,480 | ---- | M] (Avira GmbH)
(Browser Defender Update Service) Browser Defender Update Service [Auto | Running] -> C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -> [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH)
(AVGIDSAgent) AVGIDSAgent [Auto | Running] -> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -> [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(sdCoreService) PC Tools Security Service [Auto | Running] -> C:\Program Files\PC Tools Security\pctsSvc.exe -> [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools)
(avgfws) AVG Firewall [Auto | Running] -> C:\Program Files\AVG\AVG10\avgfws.exe -> [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.)
(sdAuxService) PC Tools Auxiliary Service [Auto | Running] -> C:\Program Files\PC Tools Security\pctsAuxs.exe -> [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools)
(avgwd) AVG WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG10\avgwdsvc.exe -> [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
(RS_Service) Raw Socket Service [Auto | Running] -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation)
 
[Driver Services - Safe List]
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2011/08/02 13:19:04 | 000,138,192 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2011/08/02 13:19:04 | 000,066,616 | ---- | M] (Avira GmbH)
(PCTCore) PCTools KDS [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\PCTCore.sys -> [2011/07/11 12:02:34 | 000,263,888 | ---- | M] (PC Tools)
(AVGIDSDriver) AVGIDSDriver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -> [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. )
(Avgtdix) AVG TDI Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgtdix.sys -> [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Avgrkx86) AVG Anti-Rootkit Driver [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -> [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.)
(PCTSD) PC Tools Spyware Doctor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\PCTSD.sys -> [2011/03/10 09:08:22 | 000,233,976 | ---- | M] (PC Tools)
(Avgmfx86) AVG Mini-Filter Resident Anti-Virus Shield [File_System | System | Running] -> C:\WINDOWS\system32\drivers\avgmfx86.sys -> [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AVGIDSEH) AVGIDSEH [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -> [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. )
(AVGIDSShim) AVGIDSShim [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AVGIDSShim.sys -> [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. )
(AVGIDSFilter) AVGIDSFilter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -> [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. )
(Avgldx86) AVG AVI Loader Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgldx86.sys -> [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
(pctEFA) PC Tools Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\pctEFA.sys -> [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools)
(pctDS) PC Tools Data Store [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\pctDS.sys -> [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools)
(Avgfwfd) AVG network filter service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\avgfwdx.sys -> [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Avgfwdx) Avgfwdx [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\avgfwdx.sys -> [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH)
(L1c) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\l1c51x86.sys -> [2009/03/02 01:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.)
(AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\athw.sys -> [2009/02/25 23:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/02/24 04:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.)
(Ambfilt) Ambfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Ambfilt.sys -> [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative)
(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\snp2uvc.sys -> [2007/10/01 17:59:46 | 001,769,984 | ---- | M] ()
(DritekPortIO) Dritek General Port I/O [Kernel | System | Running] -> C:\Program Files\Launch Manager\DPortIO.sys -> [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.)
(Monfilt) Monfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Monfilt.sys -> [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\: SearchURL\\"provider" ->  -> 
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\: URLSearchHooks\\"{472734EA-242A-422b-ADF8-83D1E48CC825}" [HKLM] -> C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [PC Tools Browser Guard] -> [2011/07/01 15:36:52 | 001,144,784 | ---- | M] (Threat Expert Ltd.)
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Sara Pitcher\Application Data\Mozilla\FireFox\Profiles\zhty4lru.default\prefs.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} -> C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\ [C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\] -> [2011/08/02 01:26:54 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16} -> C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\ [C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\] -> [2011/08/02 13:26:05 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/06/12 21:02:27 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Sara Pitcher\Application Data\Mozilla\Extensions -> [2010/11/29 16:37:28 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Sara Pitcher\Application Data\Mozilla\Extensions\[email protected] -> [2010/11/29 16:37:28 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Sara Pitcher\Application Data\Mozilla\Extensions\[email protected] -> [2009/10/06 23:22:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/06/12 21:02:27 | 000,000,000 | ---D | M]
No name found ->  -> File not found
AVG Safe Search -> C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 -> [2011/08/02 01:26:54 | 000,000,000 | ---D | M]
Java Quick Starter -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF -> [2010/11/14 00:30:24 | 000,000,000 | ---D | M]
Browser Defender Toolbar -> C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX -> [2011/08/02 13:26:05 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION -> [2009/10/08 10:31:19 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/08/02 01:11:28 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} [HKLM] -> C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [PC Tools Browser Guard BHO] -> [2011/07/01 15:36:52 | 001,144,784 | ---- | M] (Threat Expert Ltd.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG10\avgssie.dll [AVG Safe Search] -> [2011/07/08 22:26:40 | 002,274,144 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [PC Tools Browser Guard] -> [2011/07/01 15:36:52 | 001,144,784 | ---- | M] (Threat Expert Ltd.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\] > -> HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [PC Tools Browser Guard] -> [2011/07/01 15:36:52 | 001,144,784 | ---- | M] (Threat Expert Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG_TRAY" -> C:\Program Files\AVG\AVG10\avgtray.exe [C:\Program Files\AVG\AVG10\avgtray.exe] -> [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH)
"AzMixerSel" -> C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe] -> [2010/11/23 22:16:19 | 000,053,248 | ---- | M] (Realtek Semiconductor Corp.)
"IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2008/04/14 08:00:00 | 000,208,952 | ---- | M] (Microsoft Corporation)
"ISTray" -> C:\Program Files\PC Tools Security\pctsGui.exe ["C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI] -> [2011/07/07 11:39:10 | 001,600,984 | ---- | M] (PC Tools)
"LManager" -> C:\Program Files\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> [2008/12/30 03:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.)
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2008/04/14 08:00:00 | 000,059,392 | ---- | M] ()
"PCTools FGuard" -> C:\Program Files\PC Tools Security\BDT\FGuard.exe [C:\Program Files\PC Tools Security\BDT\FGuard.exe] -> [2011/07/01 15:36:48 | 000,247,760 | ---- | M] (Threat Expert Ltd.)
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2008/04/14 08:00:00 | 000,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2008/04/14 08:00:00 | 000,455,168 | ---- | M] (Microsoft Corporation)
"PLFSetL" -> C:\WINDOWS\PLFSetL.exe [C:\WINDOWS\PLFSetL.exe] -> [2010/11/23 22:29:21 | 000,094,208 | ---- | M] (sonix)
"snp2uvc" -> C:\WINDOWS\System32\csnp2uvc.dll [rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS] -> [2010/11/23 22:29:56 | 000,196,608 | ---- | M] ( )
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"AvgUninstallURL" -> C:\WINDOWS\System32\cmd.exe [cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjQyODMzNDQxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1MSUMrNzctRkwxMCsxLVRVRyszLVNQMSsxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzA"&"prod=90"&"ver=10.0.1382] -> [2008/04/14 08:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe -> [2009/02/11 18:46:28 | 000,565,248 | ---- | M] (Acer Incorporated)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Sara Pitcher Startup Folder > -> C:\Documents and Settings\Sara Pitcher\Start Menu\Programs\Startup -> 
< tytyty Startup Folder > -> C:\Documents and Settings\tytyty\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005] > -> HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005] > -> HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005] > -> HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\] > -> HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\] > -> HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1990122784-2693076698-917563655-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{64CD313F-F079-4D93-959F-4D28B5519449} [HKLM] -> http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab [Jeopardy Control] -> 
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> http://www.worldwinner.com/games/shared/wwlaunch.cab [Wwlaunch Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CF969D51-F764-4FBF-9E90-475248601C8A} [HKLM] -> http://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab [FamilyFeud Control] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 71.250.0.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C38A80D4-9EB4-4A09-8580-98EC55B1EFB2}\\DhcpNameServer -> 192.168.1.1 71.250.0.12   (Atheros AR5007EG Wireless Network Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" -> C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll [C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin] -> [2011/06/27 09:43:20 | 007,317,048 | ---- | M] (Google)
"C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" -> C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin] -> [2011/06/27 09:23:56 | 000,161,336 | ---- | M] (Google)
"C:\Program Files\AVG\AVG10\avgam.exe" -> C:\Program Files\AVG\AVG10\avgam.exe [C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager] -> [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" -> C:\Program Files\AVG\AVG10\avgdiagex.exe [C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011] -> [2011/04/13 05:39:04 | 003,832,672 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" -> C:\Program Files\AVG\AVG10\avgemcx.exe [C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner] -> [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" -> C:\Program Files\AVG\AVG10\avgmfapx.exe [C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer] -> [2011/06/20 16:52:18 | 004,358,496 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" -> C:\Program Files\AVG\AVG10\avgnsx.exe [C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield] -> [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FrostWire\FrostWire.exe" -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire] -> [2011/03/17 18:27:40 | 000,114,688 | ---- | M] (FrostWire Group)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2010/11/23 22:12:59 | 000,503,808 | ---- | M] (Lime Wire, LLC)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/03/12 01:07:49 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/14 08:00:00 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 10:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2010/11/23 22:31:02 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2010/11/23 22:31:10 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/14 08:42:10 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/14 08:00:00 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2008/04/14 08:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2008/04/14 08:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/14 08:00:00 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/14 08:00:00 | 000,755,200 | ---- | M] (Intel Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
AppMgmt ->  -> File not found
HidServ ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
helpsvc ->  -> File not found
*MultiFile Done* -> -> 
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
43946555.sys -> Driver
AppMgmt ->  -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc ->  -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vga.sys -> Driver
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> 
exefile [open] -> "%1" %* -> 
htafile [open] -> "%1" %* -> 
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> 
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> 
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [AddToPlaylistVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2009/07/26 17:17:46 | 000,135,416 | ---- | M] ()
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2009/07/26 17:17:46 | 000,135,416 | ---- | M] ()
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 8/2/2011 7:05:57 AM Computer Name = MINI | Source = ESENT | ID = 473 -> Description = Catalog Database (1636) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb was partially detached.  Error -1032 encountered updating database headers.
Application [ Error ] 8/2/2011 9:46:50 AM Computer Name = MINI | Source = MsiInstaller | ID = 11721 -> Description = Product: SpyHunter -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: , location: WiseCustomCall, command: g1 
Application [ Error ] 8/2/2011 9:49:39 AM Computer Name = MINI | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 8/2/2011 9:49:39 AM Computer Name = MINI | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 8/2/2011 10:53:20 AM Computer Name = MINI | Source = Application Hang | ID = 1002 -> Description = Hanging application SpyHunter4.exe, version 4.5.11.3608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 8/2/2011 3:26:12 PM Computer Name = MINI | Source = Application Hang | ID = 1002 -> Description = Hanging application OTL.scr, version 3.2.26.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 8/2/2011 3:39:15 PM Computer Name = MINI | Source = Application Hang | ID = 1002 -> Description = Hanging application OTL.com, version 3.2.26.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 8/2/2011 5:15:40 PM Computer Name = MINI | Source = Application Hang | ID = 1002 -> Description = Hanging application OTL.exe, version 3.2.26.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 8/2/2011 5:53:21 PM Computer Name = MINI | Source = Application Hang | ID = 1002 -> Description = Hanging application OTL(1).exe, version 3.2.26.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 8/2/2011 5:53:28 PM Computer Name = MINI | Source = Application Hang | ID = 1002 -> Description = Hanging application OTL(1).exe, version 3.2.26.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 8/2/2011 12:42:18 PM Computer Name = MINI | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 8/2/2011 12:42:18 PM Computer Name = MINI | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error:   %%126
System [ Error ] 8/2/2011 12:50:30 PM Computer Name = MINI | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 8/2/2011 12:51:44 PM Computer Name = MINI | Source = Service Control Manager | ID = 7023 -> Description = The Help and Support service terminated with the following error:   %%126
System [ Error ] 8/2/2011 12:51:44 PM Computer Name = MINI | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   avgio  Avgldx86  Avgmfx86  avipbb  Fips  intelppm  ssmdrv
System [ Error ] 8/2/2011 1:13:32 PM Computer Name = MINI | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 8/2/2011 1:15:12 PM Computer Name = MINI | Source = Service Control Manager | ID = 7023 -> Description = The Help and Support service terminated with the following error:   %%126
System [ Error ] 8/2/2011 4:54:45 PM Computer Name = MINI | Source = Service Control Manager | ID = 7023 -> Description = The Help and Support service terminated with the following error:   %%126
System [ Error ] 8/2/2011 5:31:08 PM Computer Name = MINI | Source = sr | ID = 1 -> Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
System [ Error ] 8/2/2011 5:31:48 PM Computer Name = MINI | Source = Service Control Manager | ID = 7023 -> Description = The Help and Support service terminated with the following error:   %%126
 
[Files/Folders - Created Within 30 Days]
 LastGood -> C:\WINDOWS\LastGood -> [2011/08/02 17:33:21 | 000,000,000 | ---D | C]
 RECYCLER -> C:\RECYCLER -> [2011/08/02 13:50:23 | 000,000,000 | -HSD | C]
 PCTBDCore.dll -> C:\WINDOWS\PCTBDCore.dll -> [2011/08/02 13:25:54 | 002,029,520 | ---- | C] (Threat Expert Ltd.)
 SGDetectionTool.dll -> C:\WINDOWS\SGDetectionTool.dll -> [2011/08/02 13:25:54 | 000,149,456 | ---- | C] (PC Tools)
 PCTBDRes.dll -> C:\WINDOWS\PCTBDRes.dll -> [2011/08/02 13:25:53 | 001,533,904 | ---- | C] (Threat Expert Ltd.)
 pctEFA.sys -> C:\WINDOWS\System32\drivers\pctEFA.sys -> [2011/08/02 13:22:57 | 000,656,320 | ---- | C] (PC Tools)
 pctDS.sys -> C:\WINDOWS\System32\drivers\pctDS.sys -> [2011/08/02 13:22:57 | 000,338,880 | ---- | C] (PC Tools)
 pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2011/08/02 13:22:52 | 000,253,096 | ---- | C] (PC Tools)
 PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2011/08/02 13:22:34 | 000,263,888 | ---- | C] (PC Tools)
 PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2011/08/02 13:22:34 | 000,160,576 | ---- | C] (PC Tools)
 PC Tools Security -> C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security -> [2011/08/02 13:22:27 | 000,000,000 | ---D | C]
 PCTSD.sys -> C:\WINDOWS\System32\drivers\PCTSD.sys -> [2011/08/02 13:22:26 | 000,233,976 | ---- | C] (PC Tools)
 pctplsg.sys -> C:\WINDOWS\System32\drivers\pctplsg.sys -> [2011/08/02 13:22:17 | 000,070,664 | ---- | C] (PC Tools)
 PC Tools Security -> C:\Program Files\PC Tools Security -> [2011/08/02 13:21:48 | 000,000,000 | ---D | C]
 PC Tools -> C:\Program Files\Common Files\PC Tools -> [2011/08/02 13:21:48 | 000,000,000 | ---D | C]
 PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [2011/08/02 13:18:09 | 000,000,000 | ---D | C]
 temp -> C:\WINDOWS\temp -> [2011/08/02 13:12:36 | 000,000,000 | ---D | C]
 sh4ldr -> C:\sh4ldr -> [2011/08/02 09:46:27 | 000,000,000 | ---D | C]
 Enigma Software Group -> C:\Program Files\Enigma Software Group -> [2011/08/02 09:46:27 | 000,000,000 | ---D | C]
 Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2011/08/02 09:45:11 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\Sara Pitcher\Application Data\Malwarebytes -> [2011/08/02 09:05:15 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/08/02 09:05:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/08/02 09:05:02 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2011/08/02 09:04:58 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/08/02 09:04:53 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/08/02 09:04:53 | 000,000,000 | ---D | C]
 $AVG -> C:\$AVG -> [2011/08/02 08:56:56 | 000,000,000 | ---D | C]
 NtmsData -> C:\WINDOWS\System32\NtmsData -> [2011/08/02 02:22:55 | 000,000,000 | ---D | C]
 Avira -> C:\Documents and Settings\Sara Pitcher\Application Data\Avira -> [2011/08/02 02:22:03 | 000,000,000 | ---D | C]
 Avira -> C:\Documents and Settings\All Users\Start Menu\Programs\Avira -> [2011/08/02 02:14:20 | 000,000,000 | ---D | C]
 ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2011/08/02 02:14:01 | 000,028,520 | ---- | C] (Avira GmbH)
 avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2011/08/02 02:13:59 | 000,138,192 | ---- | C] (Avira GmbH)
 avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2011/08/02 02:13:59 | 000,066,616 | ---- | C] (Avira GmbH)
 avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2011/08/02 02:13:59 | 000,045,416 | ---- | C] (Avira GmbH)
 avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2011/08/02 02:13:59 | 000,022,360 | ---- | C] (Avira GmbH)
 Avira -> C:\Program Files\Avira -> [2011/08/02 02:13:58 | 000,000,000 | ---D | C]
 Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2011/08/02 02:13:58 | 000,000,000 | ---D | C]
 AVG 2011 -> C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011 -> [2011/08/02 01:28:11 | 000,000,000 | ---D | C]
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2011/08/02 00:57:34 | 000,060,416 | ---- | C] (NirSoft)
 hidserv.dll -> C:\WINDOWS\System32\dllcache\hidserv.dll -> [2011/08/01 23:46:48 | 000,021,504 | ---- | C] (Microsoft Corporation)
 cmdcons -> C:\cmdcons -> [2011/08/01 23:18:45 | 000,000,000 | RHSD | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2011/08/01 23:15:39 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2011/08/01 23:15:39 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2011/08/01 23:15:39 | 000,212,480 | ---- | C] (SteelWerX)
 ERDNT -> C:\WINDOWS\ERDNT -> [2011/08/01 23:14:16 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/08/01 23:13:59 | 000,000,000 | ---D | C]
 My Videos -> C:\Documents and Settings\All Users\Documents\My Videos -> [2011/08/01 23:13:53 | 000,000,000 | R--D | C]
 Administrative Tools -> C:\Documents and Settings\Sara Pitcher\Start Menu\Programs\Administrative Tools -> [2011/08/01 23:13:53 | 000,000,000 | R--D | C]
 csnp2uvc.dll -> C:\WINDOWS\System32\csnp2uvc.dll -> [2009/06/09 10:59:29 | 000,196,608 | ---- | C] ( )
 rsnp2uvc.dll -> C:\WINDOWS\System32\rsnp2uvc.dll -> [2009/06/09 10:59:26 | 000,172,032 | ---- | C] ( )
 Interop.IWshRuntimeLibrary.dll -> C:\WINDOWS\Interop.IWshRuntimeLibrary.dll -> [2009/03/11 08:53:14 | 000,049,152 | ---- | C] ( )
 50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> 
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskUserS-1-5-21-1990122784-2693076698-917563655-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1990122784-2693076698-917563655-1005UA.job -> [2011/08/02 18:17:05 | 000,001,006 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/08/02 17:44:46 | 000,211,968 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/08/02 17:36:05 | 000,435,450 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/08/02 17:36:05 | 000,069,020 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/08/02 17:30:48 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/08/02 17:30:46 | 1063,198,720 | -HS- | M] ()
 MBR.dat -> C:\Documents and Settings\Sara Pitcher\Desktop\MBR.dat -> [2011/08/02 17:13:33 | 000,000,512 | ---- | M] ()
 iavifw.avm -> C:\WINDOWS\System32\drivers\AVG\iavifw.avm -> [2011/08/02 14:39:33 | 000,659,282 | ---- | M] ()
 Cat.DB -> C:\WINDOWS\System32\drivers\Cat.DB -> [2011/08/02 13:23:20 | 000,553,980 | ---- | M] ()
 PC Tools AntiVirus Free.lnk -> C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk -> [2011/08/02 13:22:28 | 000,001,686 | ---- | M] ()
 avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2011/08/02 13:19:04 | 000,138,192 | ---- | M] (Avira GmbH)
 avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2011/08/02 13:19:04 | 000,066,616 | ---- | M] (Avira GmbH)
 avinstall.exe -> C:\Documents and Settings\Sara Pitcher\My Documents\avinstall.exe -> [2011/08/02 13:17:53 | 000,513,008 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/08/02 09:05:03 | 000,000,788 | ---- | M] ()
 incavi.avm -> C:\WINDOWS\System32\drivers\AVG\incavi.avm -> [2011/08/02 08:39:28 | 126,555,711 | ---- | M] ()
 Avira AntiVir Control Center.lnk -> C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk -> [2011/08/02 02:14:20 | 000,001,711 | ---- | M] ()
 AVG 2011.lnk -> C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk -> [2011/08/02 01:28:12 | 000,000,694 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/08/02 01:11:28 | 000,000,027 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2011/08/01 23:18:51 | 000,000,327 | RHS- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/07/22 21:09:13 | 000,001,158 | ---- | M] ()
 PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2011/07/11 12:06:18 | 000,160,576 | ---- | M] (PC Tools)
 PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2011/07/11 12:02:34 | 000,263,888 | ---- | M] (PC Tools)
 pctplsg.sys -> C:\WINDOWS\System32\drivers\pctplsg.sys -> [2011/07/11 09:07:46 | 000,070,664 | ---- | M] (PC Tools)
 pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2011/07/11 09:05:12 | 000,253,096 | ---- | M] (PC Tools)
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> 
 3 C:\Documents and Settings\Sara Pitcher\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Sara Pitcher\Local Settings\temp\*.tmp -> 
 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 MBR.dat -> C:\Documents and Settings\Sara Pitcher\Desktop\MBR.dat -> [2011/08/02 17:13:33 | 000,000,512 | ---- | C] ()
 avinstall.exe -> C:\Documents and Settings\Sara Pitcher\My Documents\avinstall.exe -> [2011/08/02 13:50:18 | 000,513,008 | ---- | C] ()
 BDTSupport.dll -> C:\WINDOWS\BDTSupport.dll -> [2011/08/02 13:25:55 | 000,767,952 | ---- | C] ()
 UDB.zip -> C:\WINDOWS\UDB.zip -> [2011/08/02 13:25:54 | 000,002,125 | ---- | C] ()
 RegSDImport.xml -> C:\WINDOWS\RegSDImport.xml -> [2011/08/02 13:25:54 | 000,000,882 | ---- | C] ()
 RegISSImport.xml -> C:\WINDOWS\RegISSImport.xml -> [2011/08/02 13:25:54 | 000,000,879 | ---- | C] ()
 IDB.zip -> C:\WINDOWS\IDB.zip -> [2011/08/02 13:25:54 | 000,000,131 | ---- | C] ()
 Cat.DB -> C:\WINDOWS\System32\drivers\Cat.DB -> [2011/08/02 13:22:57 | 000,553,980 | ---- | C] ()
 PC Tools AntiVirus Free.lnk -> C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk -> [2011/08/02 13:22:28 | 000,001,686 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/08/02 13:14:23 | 1063,198,720 | -HS- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/08/02 09:05:03 | 000,000,788 | ---- | C] ()
 Avira AntiVir Control Center.lnk -> C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk -> [2011/08/02 02:14:20 | 000,001,711 | ---- | C] ()
 AVG 2011.lnk -> C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk -> [2011/08/02 01:28:12 | 000,000,694 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2011/08/01 23:18:51 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2011/08/01 23:18:47 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2011/08/01 23:15:39 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/08/01 23:15:39 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2011/08/01 23:15:39 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2011/08/01 23:15:39 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2011/08/01 23:15:39 | 000,068,096 | ---- | C] ()
 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2011/06/12 21:02:41 | 000,000,000 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/12/13 12:31:21 | 000,000,664 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Sara Pitcher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/11/07 20:32:13 | 000,211,968 | ---- | C] ()
 mlfcache.dat -> C:\WINDOWS\System32\mlfcache.dat -> [2010/03/05 12:07:34 | 000,054,436 | -H-- | C] ()
 snp2uvc.sys -> C:\WINDOWS\System32\drivers\snp2uvc.sys -> [2009/06/09 10:59:29 | 001,769,984 | ---- | C] ()
 sncduvc.sys -> C:\WINDOWS\System32\drivers\sncduvc.sys -> [2009/06/09 10:59:29 | 000,028,160 | ---- | C] ()
 PidList.ini -> C:\WINDOWS\PidList.ini -> [2009/06/09 10:59:29 | 000,000,245 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2009/03/12 02:47:07 | 000,000,061 | ---- | C] ()
 RtConvEQ.DAT -> C:\WINDOWS\System32\drivers\RtConvEQ.DAT -> [2009/03/12 01:56:32 | 000,090,772 | ---- | C] ()
 RtHdatEx.dat -> C:\WINDOWS\System32\drivers\RtHdatEx.dat -> [2009/03/12 01:56:32 | 000,000,536 | ---- | C] ()
 RTEQEX2.dat -> C:\WINDOWS\System32\drivers\RTEQEX2.dat -> [2009/03/12 01:56:32 | 000,000,520 | ---- | C] ()
 RTEQEX1.dat -> C:\WINDOWS\System32\drivers\RTEQEX1.dat -> [2009/03/12 01:56:32 | 000,000,520 | ---- | C] ()
 RTEQEX0.dat -> C:\WINDOWS\System32\drivers\RTEQEX0.dat -> [2009/03/12 01:56:32 | 000,000,520 | ---- | C] ()
 SamSfPa.dat -> C:\WINDOWS\System32\drivers\SamSfPa.dat -> [2009/03/12 01:56:32 | 000,000,164 | ---- | C] ()
 rtkhdaud.dat -> C:\WINDOWS\System32\drivers\rtkhdaud.dat -> [2009/03/12 01:56:32 | 000,000,016 | ---- | C] ()
 igfxCoIn_v4926.dll -> C:\WINDOWS\System32\igfxCoIn_v4926.dll -> [2009/03/12 01:55:36 | 000,147,456 | ---- | C] ()
 AMove.exe -> C:\WINDOWS\AMove.exe -> [2009/03/12 01:10:15 | 000,032,768 | ---- | C] ()
 oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2009/03/12 01:10:15 | 000,006,782 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/03/12 01:09:26 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2009/03/12 01:06:10 | 000,021,640 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2009/03/12 01:05:25 | 000,001,793 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2009/03/11 17:03:29 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/03/11 17:02:48 | 000,248,696 | ---- | C] ()
 LauncheRyDiscCalc.exe -> C:\WINDOWS\LauncheRyDiscCalc.exe -> [2009/03/11 08:53:14 | 000,020,480 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2009/03/11 08:53:06 | 000,004,569 | ---- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/03/11 08:53:05 | 000,435,450 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2009/03/11 08:53:05 | 000,272,128 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/03/11 08:53:05 | 000,069,020 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2009/03/11 08:53:05 | 000,028,626 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2009/03/11 08:53:04 | 013,107,200 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2009/03/11 08:53:04 | 000,004,524 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2009/03/11 08:53:04 | 000,000,741 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2009/03/11 08:53:02 | 000,673,088 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2009/03/11 08:53:02 | 000,046,258 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2009/03/11 08:52:59 | 000,218,003 | ---- | C] ()
 Dcache.bin -> C:\WINDOWS\System32\Dcache.bin -> [2009/03/11 08:52:57 | 000,001,804 | ---- | C] ()
 
[File - Lop Check]
 Acer GameZone Console -> C:\Documents and Settings\Administrator\Application Data\Acer GameZone Console -> [2009/03/12 02:06:59 | 000,000,000 | ---D | M]
 Super-Cow -> C:\Documents and Settings\Administrator\Application Data\Super-Cow -> [2009/03/12 02:27:54 | 000,000,000 | ---D | M]
 AVG10 -> C:\Documents and Settings\All Users\Application Data\AVG10 -> [2011/08/02 01:28:46 | 000,000,000 | ---D | M]
 avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2010/11/23 17:42:21 | 000,000,000 | ---D | M]
 Common Files -> C:\Documents and Settings\All Users\Application Data\Common Files -> [2010/11/23 17:50:10 | 000,000,000 | -H-D | M]
 eSobi -> C:\Documents and Settings\All Users\Application Data\eSobi -> [2009/10/06 13:45:30 | 000,000,000 | ---D | M]
 Leapfrog -> C:\Documents and Settings\All Users\Application Data\Leapfrog -> [2011/01/24 13:44:38 | 000,000,000 | ---D | M]
 MFAData -> C:\Documents and Settings\All Users\Application Data\MFAData -> [2011/08/02 01:26:14 | 000,000,000 | ---D | M]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2011/08/02 17:47:37 | 000,000,000 | ---D | M]
 TomTom -> C:\Documents and Settings\All Users\Application Data\TomTom -> [2010/11/29 16:39:49 | 000,000,000 | ---D | M]
 {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/04/21 17:17:38 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/10/06 22:16:28 | 000,000,000 | ---D | M]
 Acer -> C:\Documents and Settings\Default User\Application Data\Acer -> [2009/03/12 02:32:46 | 000,000,000 | ---D | M]
 Acer GameZone Console -> C:\Documents and Settings\Default User\Application Data\Acer GameZone Console -> [2009/03/12 02:06:59 | 000,000,000 | ---D | M]
 Super-Cow -> C:\Documents and Settings\Default User\Application Data\Super-Cow -> [2009/03/12 02:27:54 | 000,000,000 | ---D | M]
 Acer -> C:\Documents and Settings\Sara Pitcher\Application Data\Acer -> [2009/03/12 02:32:46 | 000,000,000 | ---D | M]
 Acer GameZone Console -> C:\Documents and Settings\Sara Pitcher\Application Data\Acer GameZone Console -> [2009/03/12 02:06:59 | 000,000,000 | ---D | M]
 AVG -> C:\Documents and Settings\Sara Pitcher\Application Data\AVG -> [2010/11/24 17:56:46 | 000,000,000 | ---D | M]
 AVG10 -> C:\Documents and Settings\Sara Pitcher\Application Data\AVG10 -> [2010/11/23 17:52:16 | 000,000,000 | ---D | M]
 com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Documents and Settings\Sara Pitcher\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2009/10/06 13:59:05 | 000,000,000 | ---D | M]
 eSobi -> C:\Documents and Settings\Sara Pitcher\Application Data\eSobi -> [2009/10/06 13:45:04 | 000,000,000 | ---D | M]
 FrostWire -> C:\Documents and Settings\Sara Pitcher\Application Data\FrostWire -> [2011/07/01 10:17:11 | 000,000,000 | ---D | M]
 LimeWire -> C:\Documents and Settings\Sara Pitcher\Application Data\LimeWire -> [2010/08/31 20:49:27 | 000,000,000 | ---D | M]
 MSNInstaller -> C:\Documents and Settings\Sara Pitcher\Application Data\MSNInstaller -> [2009/10/06 22:18:29 | 000,000,000 | ---D | M]
 OpenCandy -> C:\Documents and Settings\Sara Pitcher\Application Data\OpenCandy -> [2010/11/14 00:34:16 | 000,000,000 | ---D | M]
 Super-Cow -> C:\Documents and Settings\Sara Pitcher\Application Data\Super-Cow -> [2009/03/12 02:27:54 | 000,000,000 | ---D | M]
 Tencent -> C:\Documents and Settings\Sara Pitcher\Application Data\Tencent -> [2011/06/29 13:32:38 | 000,000,000 | ---D | M]
 TomTom -> C:\Documents and Settings\Sara Pitcher\Application Data\TomTom -> [2010/11/29 16:37:21 | 000,000,000 | ---D | M]
 Acer -> C:\Documents and Settings\tytyty\Application Data\Acer -> [2009/03/12 02:32:46 | 000,000,000 | ---D | M]
 Acer GameZone Console -> C:\Documents and Settings\tytyty\Application Data\Acer GameZone Console -> [2009/03/12 02:06:59 | 000,000,000 | ---D | M]
 Super-Cow -> C:\Documents and Settings\tytyty\Application Data\Super-Cow -> [2009/03/12 02:27:54 | 000,000,000 | ---D | M]
[Custom Scans]
< %SYSTEMDRIVE%\*.exe >
< MD5 Scans Start>
< %systemdrive%\EXPLORER.EXE  /md5 /s >
 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\ERDNT\cache\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\system32\dllcache\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SVCHOST.EXE  /md5 /s >
 svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\ERDNT\cache\svchost.exe -> [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\system32\dllcache\svchost.exe -> [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\system32\svchost.exe -> [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
< %systemdrive%\USERINIT.EXE  /md5 /s >
 userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\ERDNT\cache\userinit.exe -> [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\system32\dllcache\userinit.exe -> [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)
< %systemdrive%\VOLSNAP.IN_  /md5 /s >
 VOLSNAP.IN_ : MD5=62C53D73B499DF617902EEA3C96F7D89 -> C:\i386\VOLSNAP.IN_ -> [2008/04/14 08:00:00 | 000,000,698 | ---- | M] ()
< %systemdrive%\VOLSNAP.INF  /md5 /s >
 volsnap.inf : MD5=1C43F4D998567C9D2463E18669F33A3C -> C:\WINDOWS\inf\volsnap.inf -> [2008/04/14 08:00:00 | 000,001,095 | ---- | M] ()
< %systemdrive%\VOLSNAP.PNF  /md5 /s >
 volsnap.PNF : MD5=54635CCD3B57AE482F1F0916A42D5D07 -> C:\WINDOWS\inf\volsnap.PNF -> [2011/08/02 02:23:01 | 000,004,964 | ---- | M] ()
< %systemdrive%\VOLSNAP.SY_  /md5 /s >
 VOLSNAP.SY_ : MD5=64409F40C23B1395594B71E4EB54E019 -> C:\i386\VOLSNAP.SY_ -> [2008/04/14 08:00:00 | 000,025,386 | ---- | M] ()
< %systemdrive%\VOLSNAP.SYS  /md5 /s >
 volsnap.sys : MD5=4C8FCB5CC53AAB716D810740FE59D025 -> C:\WINDOWS\system32\dllcache\volsnap.sys -> [2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=4C8FCB5CC53AAB716D810740FE59D025 -> C:\WINDOWS\system32\drivers\volsnap.sys -> [2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation)
< %systemdrive%\WINLOGON.EXE  /md5 /s >
 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\ERDNT\cache\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\system32\dllcache\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\SHMGRATE.EXE [%SYSTEMROOT%\SYSTEM32\SHMGRATE.EXE OCINSTALLREINSTALLIE] -> [2008/04/14 08:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\SHMGRATE.EXE [%SYSTEMROOT%\SYSTEM32\SHMGRATE.EXE OCINSTALLHIDEIE] -> [2008/04/14 08:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\SHMGRATE.EXE [%SYSTEMROOT%\SYSTEM32\SHMGRATE.EXE OCINSTALLSHOWIE] -> [2008/04/14 08:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"] -> [2008/04/14 08:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
Restore point Set: OTS Restore Point (0)
 
[Alternate Data Streams]
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

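The `/md5start` block in the scan above makes OTL hash every copy of a handful of core binaries (the running copy under `C:\WINDOWS` or `system32`, the Windows File Protection copy in `dllcache`, the backup in `ERDNT\cache`, the install source in `i386`) so that the live file can be compared against its backups without trusting any known-good hash list. The script below is an added example written for this page, not part of the thread and not code from OTL or OTS: it parses those result lines and flags any file whose copies disagree, singling out a live copy whose hash matches none of the backups. The regex group names, the location labels and the `TAMPERED_EXCERPT` input are my own constructions; `LOG_EXCERPT` is copied from the log posted above.

```python
"""Cross-check the hashes OTL reported for each copy of a system binary."""
import re
from collections import defaultdict

# One OTL "/md5" result line looks like:
#  winlogon.exe : MD5=ED0E... -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation)
# The group names below are this example's own, not OTL terminology.
OTL_MD5_LINE = re.compile(
    r"^\s*(?P<name>[^:]+?)\s*:\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*->\s*"
    r"(?P<path>.+?)\s*->\s*\[(?P<stamp>[^|]*)\|(?P<size>[^|]*)\|"
    r"(?P<attrs>[^|]*)\|(?P<flag>[^\]]*)\]\s*(?:\((?P<company>[^)]*)\))?\s*$"
)


def location_of(path):
    """Classify where a copy lives (labels are mine); the order of tests matters."""
    p = path.lower()
    if "\\dllcache\\" in p:
        return "dllcache"   # Windows File Protection cache
    if "\\erdnt\\" in p:
        return "erdnt"      # backup copy left behind by a repair tool
    if "\\i386\\" in p:
        return "i386"       # installation source files
    if "\\system32\\" in p or "\\windows\\" in p:
        return "live"       # the copy that actually gets loaded
    return "other"


def parse_md5_scan(text):
    """Return one dict per result line; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_MD5_LINE.match(line)
        if not m:
            continue
        entries.append({
            "name": m.group("name").strip().lower(),
            "md5": m.group("md5").upper(),
            "path": m.group("path").strip(),
            "size": int(m.group("size").strip().replace(",", "")),
            "company": (m.group("company") or "").strip(),
            "location": location_of(m.group("path")),
        })
    return entries


def check_consistency(entries):
    """Group copies by file name; flag names whose copies disagree and, in
    particular, live copies whose hash matches none of the backup copies."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    results = {}
    for name, copies in sorted(by_name.items()):
        hashes = sorted({c["md5"] for c in copies})
        backup_hashes = {c["md5"] for c in copies
                         if c["location"] in ("dllcache", "erdnt", "i386")}
        suspect = [c["path"] for c in copies
                   if c["location"] == "live" and backup_hashes
                   and c["md5"] not in backup_hashes]
        results[name] = {
            "copies": len(copies),
            "hashes": hashes,
            "consistent": len(hashes) == 1,
            "suspect_live_copies": suspect,
        }
    return results


def report(results):
    """Human-readable lines, one per file name (plus one per suspect copy)."""
    lines = []
    for name, r in results.items():
        if r["consistent"]:
            lines.append(f"OK     {name}: {r['copies']} copies, all {r['hashes'][0]}")
        else:
            lines.append(f"CHECK  {name}: {len(r['hashes'])} different hashes "
                         f"across {r['copies']} copies")
            for path in r["suspect_live_copies"]:
                lines.append(f"       live copy differs from every backup: {path}")
    return lines


# Copied from the OTL log posted above: explorer.exe, winlogon.exe and one
# non-PE file (empty company field) to show that that case parses too.
LOG_EXCERPT = r"""
< %systemdrive%\EXPLORER.EXE  /md5 /s >
 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\ERDNT\cache\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\system32\dllcache\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
< %systemdrive%\VOLSNAP.IN_  /md5 /s >
 VOLSNAP.IN_ : MD5=62C53D73B499DF617902EEA3C96F7D89 -> C:\i386\VOLSNAP.IN_ -> [2008/04/14 08:00:00 | 000,000,698 | ---- | M] ()
< %systemdrive%\WINLOGON.EXE  /md5 /s >
 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\ERDNT\cache\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\system32\dllcache\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation)
"""

# Constructed, NOT from the log: the live winlogon.exe has been replaced
# (different hash, size and timestamp) while the backup copies are untouched.
TAMPERED_EXCERPT = LOG_EXCERPT.replace(
    "MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\\WINDOWS\\system32\\winlogon.exe -> [2008/04/14 08:00:00 | 000,507,904",
    "MD5=00000000000000000000000000000000 -> C:\\WINDOWS\\system32\\winlogon.exe -> [2011/08/01 03:12:00 | 000,512,000",
)

if __name__ == "__main__":
    for label, text in (("log excerpt", LOG_EXCERPT),
                        ("constructed tampered excerpt", TAMPERED_EXCERPT)):
        print(f"== {label} ==")
        print("\n".join(report(check_consistency(parse_md5_scan(text)))))
```

Two caveats when reading the result. Agreement across all copies is a consistency check, not a clean bill of health: every copy could have been replaced together, and in this thread the actual problem turned out to be a browser helper object rather than a patched system binary. Conversely a mismatch is only a lead; a legitimate hotfix can update the live file and `dllcache` while an older `ERDNT` or `i386` copy stays behind, so the timestamp and company fields (which the parser keeps) deserve a look before anything is replaced. MD5 is fine for spotting a swapped file in this setting but should not be treated as collision-resistant.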

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
On completion of this run, can you let me know what problems remain?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List] 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}" [HKLM] -> [Reg Error: Key error.]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9 Stinky1527 (Topic Starter, Member, 12 posts)
From the OTS:


All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}\ not found.
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Sara Pitcher\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Sara Pitcher\My Documents\Downloads\cmd.txt deleted successfully.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 3232 bytes

User: All Users

User: Default User
->Temp folder emptied: 9707039 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes
->Java cache emptied: 1013 bytes
->Flash cache emptied: 74426 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 5774 bytes
->Flash cache emptied: 129812 bytes

User: Sara Pitcher
->Temp folder emptied: 142048840 bytes
->Temporary Internet Files folder emptied: 55382482 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52633483 bytes
->Flash cache emptied: 13400 bytes

User: tytyty
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41440 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1572713 bytes
%systemroot%\System32 .tmp files removed: 42567112 bytes
%systemroot%\System32\dllcache .tmp files removed: 32930448 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48712 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 46395 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 322.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Sara Pitcher
->Flash cache emptied: 0 bytes

User: tytyty
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 08032011_175315

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




From Malwarebytes:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7367

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/3/2011 6:07:03 PM
mbam-log-2011-08-03 (18-07-03).txt

Scan type: Quick scan
Objects scanned: 177306
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



All is running smoothly, Thank You sooooo much for your help! You did an awesome job! :)

Edited by Stinky1527, 03 August 2011 - 04:20 PM.


#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CLEARALLRESTOREPOINTS] 


Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter. For the first run I would recommend a boot defrag and disk check.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date, visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:


#11 Stinky1527 (Topic Starter, Member, 12 posts)
I have completed all the updates, still running with no virus. The only thing is it seems a little slower now.

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Do you mean you have no antivirus installed ?

At what stage is it slower, boot or general running ?

#13 Stinky1527 (Topic Starter, Member, 12 posts)
I meant I have no viruses showing. I think the running slowly was just the explorer browser. Firefox runs fine.

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's see if we can resolve the IE problem.

Download and install IE8 then let me know how that works

#15 Stinky1527 (Topic Starter, Member, 12 posts)
Everything seems to be running fine now, thank you again for all your help! :)