Geeks to Go
MSE Won't Run


This topic is locked

#1 Faewild (New Member, 6 posts)
Okay... I'm sorry if I'm very bad at this; I'm not very great with computers. I got OTL, and someone mentioned TDSSKiller so I got that, and I've tried Spybot and Malwarebytes, but nothing's been able to fix the problem (I even did a system restore just in case). I'm also getting redirects. I click a link related to Microsoft Security Essentials, and I get directed to some malicious site. I followed the instructions on another thread for fixing Google redirects, and it didn't work; I'm still getting them. I also tried the Malicious Software Removal Tool from Microsoft, but that wouldn't start up either.

I also uninstalled and reinstalled MSE.

I haven't noticed any other changes to my system.

OTL logfile created on: 8/3/2011 8:53:01 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cristal\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.67% Memory free
11.65 Gb Paging File | 10.65 Gb Available in Paging File | 91.45% Paging File free
Paging file location(s): C:\pagefile.sys 10046 10092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 325.32 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive J: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CRYSTAL-E924A35 | User Name: Cristal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 08:52:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cristal\My Documents\Downloads\OTL.com
PRC - [2011/08/02 04:09:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/07/30 02:59:39 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/04 05:04:22 | 000,069,632 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2008/04/14 02:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 09:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/03/09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 08:52:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cristal\My Documents\Downloads\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/18 22:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/27 12:32:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/04 05:04:22 | 000,069,632 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/03/09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/06/07 20:26:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/22 18:58:48 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2009/06/22 18:58:38 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2009/06/22 18:58:24 | 000,014,504 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2009/06/22 18:58:08 | 000,023,208 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/09/18 19:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/26 22:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Cristal\My Documents\RealTemp_360\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008/07/01 12:27:44 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/30 20:00:32 | 000,395,648 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/03/03 17:27:08 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MA111nd5.sys -- (WlanUIB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)


[2011/08/03 08:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/08 04:04:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 15:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 03:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 01:41:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 09:25:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/29 23:34:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/02 00:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/23 11:33:19 | 000,436,064 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15010 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper® Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Cristal\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.178 68.87.66.196 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cristal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cristal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 15:00:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/21 00:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/06/27 02:12:50 | 000,000,049 | R--- | M] () - J:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell - "" = AutoRun
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2010/09/21 00:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 08:36:48 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cristal\Desktop\TDSSKiller.exe
[2011/08/03 08:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/03 08:31:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/08/03 07:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Malwarebytes
[2011/08/03 07:15:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/03 07:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/03 07:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/03 07:15:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/03 07:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Crayon Physics Deluxe
[2011/07/31 00:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/27 02:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\Steam
[2011/07/26 06:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Mobipocket Reader
[2011/07/26 06:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Desktop\Zombies
[2011/07/26 06:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\Mobipocket.com
[2011/07/26 06:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2011/07/26 06:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2011/07/26 06:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\.kindle
[2011/07/25 04:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Local Settings\Application Data\gtk-2.0
[2011/07/25 04:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Local Settings\Application Data\mypaint
[2011/07/25 04:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\MyPaint
[2011/07/25 04:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\MyPaint
[2011/07/19 14:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Aleesoft
[2011/07/19 13:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\My Documents\Aiseesoft Studio
[2011/07/19 13:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Aiseesoft Studio
[2011/07/12 15:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\.minecraft
[2011/07/09 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2004/03/03 17:27:08 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 08:33:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/03 08:33:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 08:13:52 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\Yiltqfh.job
[2011/08/03 08:13:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 08:04:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1450960922-299502267-1003UA.job
[2011/08/03 07:50:36 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE6EB0A6-C4C2-4D43-9ABA-7DB2B7477086}.job
[2011/08/03 06:26:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 03:04:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1450960922-299502267-1003Core.job
[2011/08/03 01:00:06 | 000,020,886 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\POSER_PRO_2010_V_8.3.5455184.TPB.torrent
[2011/08/03 00:58:32 | 000,065,536 | RHS- | M] () -- C:\WINDOWS\System32\pentnto.dll
[2011/08/01 03:18:56 | 000,466,314 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/01 03:18:56 | 000,080,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/31 06:05:02 | 000,003,518 | ---- | M] () -- C:\Documents and Settings\Cristal\.recently-used.xbel
[2011/07/31 00:09:41 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ Medieval.lnk
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cristal\Desktop\TDSSKiller.exe
[2011/07/29 16:56:54 | 003,150,618 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\popo.mp3
[2011/07/26 05:42:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/25 04:34:10 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\MyPaint.lnk
[2011/07/25 04:33:41 | 000,496,037 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\ramon2.zip
[2011/07/25 04:33:01 | 008,265,939 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\mypaint-0.9.1-win32-installer.exe
[2011/07/25 03:16:39 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Cristal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 03:33:23 | 000,340,772 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\oC11b72rv1.zip
[2011/07/23 11:33:19 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/23 09:49:03 | 002,051,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/19 22:24:31 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\vlc-1.1.11-win32.exe
[2011/07/16 09:47:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/14 20:01:38 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\Google Chrome.lnk
[2011/07/14 20:01:38 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Cristal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 22:10:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 19:07:02 | 000,588,522 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\0101.psd
[2011/07/13 18:48:41 | 000,003,438 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\0101.png
[2011/07/13 17:37:35 | 000,005,415 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\htarsy.rtf
[2011/07/11 06:57:59 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\Shortcut to TS3W.lnk
[2011/07/10 23:15:57 | 000,026,485 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\The_Sims_3_Generations-RELOADED.6427325.TPB.torrent
[2011/07/09 10:57:09 | 004,069,101 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\PaintTool SAI English Pack.zip
[2011/07/09 04:10:13 | 000,653,152 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\yay.jpg
[2011/07/09 00:28:39 | 000,190,529 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\zombe's_modpack-v4.29_MC.beta.1.7.3.zip
[2011/07/07 18:25:14 | 000,011,956 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\MonsterBox.jar
[2011/07/07 03:04:57 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-113319.backup
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 08:33:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/08/03 01:00:09 | 000,020,886 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\POSER_PRO_2010_V_8.3.5455184.TPB.torrent
[2011/08/03 00:58:33 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\Yiltqfh.job
[2011/08/03 00:58:32 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\pentnto.dll
[2011/07/31 06:05:02 | 000,003,518 | ---- | C] () -- C:\Documents and Settings\Cristal\.recently-used.xbel
[2011/07/31 00:09:41 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ Medieval.lnk
[2011/07/29 16:56:15 | 003,150,618 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\popo.mp3
[2011/07/29 16:27:45 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/25 04:34:10 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\MyPaint.lnk
[2011/07/25 04:33:40 | 000,496,037 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\ramon2.zip
[2011/07/25 04:32:22 | 008,265,939 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\mypaint-0.9.1-win32-installer.exe
[2011/07/24 03:48:28 | 000,350,208 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\oC11b72rv1.exe
[2011/07/24 03:33:26 | 000,340,772 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\oC11b72rv1.zip
[2011/07/19 22:22:14 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\vlc-1.1.11-win32.exe
[2011/07/13 19:07:02 | 000,588,522 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\0101.psd
[2011/07/13 18:48:40 | 000,003,438 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\0101.png
[2011/07/13 17:37:34 | 000,005,415 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\htarsy.rtf
[2011/07/11 06:57:59 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\Shortcut to TS3W.lnk
[2011/07/10 23:16:01 | 000,026,485 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\The_Sims_3_Generations-RELOADED.6427325.TPB.torrent
[2011/07/09 10:57:06 | 004,069,101 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\PaintTool SAI English Pack.zip
[2011/07/09 04:10:08 | 000,653,152 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\yay.jpg
[2011/07/09 00:28:43 | 000,190,529 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\zombe's_modpack-v4.29_MC.beta.1.7.3.zip
[2011/07/07 18:25:23 | 000,011,956 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\MonsterBox.jar
[2011/04/08 01:51:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 19:26:38 | 691,689,674 | ---- | C] () -- C:\Program Files\Smith Micro.zip
[2011/01/10 00:54:10 | 000,252,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/10 00:54:06 | 000,252,852 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/10 00:54:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/08 06:47:17 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/30 15:39:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/21 09:39:27 | 000,335,872 | ---- | C] () -- C:\WINDOWS\SetupX32.EXE
[2010/12/07 17:46:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/29 17:47:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/30 05:35:03 | 000,305,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/23 16:22:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/21 22:48:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/06/07 23:44:00 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/06/07 22:48:06 | 000,001,929 | ---- | C] () -- C:\WINDOWS\Tablet8000x6000.ini
[2010/06/07 20:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 15:10:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/05/27 15:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/27 14:56:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 13:10:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/27 13:10:06 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Cristal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 06:40:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/27 06:39:22 | 002,051,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 10:15:32 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2009/03/13 05:04:44 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2008/04/14 02:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/04/24 12:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2007/02/23 18:05:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/23 17:59:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/31 04:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/10/29 20:53:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PcHook.DLL
[2002/07/25 03:04:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,466,314 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,080,092 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/06/30 14:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/04/12 11:02:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/07 23:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CELSYS
[2010/06/07 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/08/03 01:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
[2010/11/07 22:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/02/11 04:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/20 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/07/19 23:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/31 00:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\.minecraft
[2011/03/04 21:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Amazon
[2010/10/04 02:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\AVG9
[2011/08/02 21:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Crayon Physics Deluxe
[2010/06/07 23:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\DAEMON Tools Lite
[2010/12/10 23:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\FoxyTunes
[2011/07/01 20:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Free Sound Recorder
[2010/07/21 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\GrabPro
[2010/06/07 20:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\InterTrust
[2010/07/06 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Laplink
[2011/07/26 06:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Mobipocket Reader
[2010/06/22 11:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\MSNInstaller
[2010/06/18 08:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\OpenOffice.org
[2010/08/13 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Orbit
[2010/06/07 23:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Smith Micro
[2010/12/20 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\SYSTEMAX Software Development
[2011/07/24 23:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\SystemRequirementsLab
[2011/08/03 06:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\uTorrent
[2010/06/08 16:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Windows Live Writer
[2011/08/03 07:50:36 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE6EB0A6-C4C2-4D43-9ABA-7DB2B7477086}.job
[2011/08/03 08:13:52 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\Yiltqfh.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >

There's also an Extras log?

OTL Extras logfile created on: 8/3/2011 8:53:01 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cristal\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.67% Memory free
11.65 Gb Paging File | 10.65 Gb Available in Paging File | 91.45% Paging File free
Paging file location(s): C:\pagefile.sys 10046 10092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 325.32 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive J: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CRYSTAL-E924A35 | User Name: Cristal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Cristal\Local Settings\Apps\2.0\VTYJLQ1R.7L3\Q74RJTLP.8BG\curs..tion_eee711038731a406_0004.0000_1829574d2128b108\CurseClient.exe" = C:\Documents and Settings\Cristal\Local Settings\Apps\2.0\VTYJLQ1R.7L3\Q74RJTLP.8BG\curs..tion_eee711038731a406_0004.0000_1829574d2128b108\CurseClient.exe:*:Enabled:Curse Client 4.0
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Cristal\Local Settings\Temp\jZip\jZip1D1D4\jZip202CE\oC11b72rv1.exe" = C:\Documents and Settings\Cristal\Local Settings\Temp\jZip\jZip1D1D4\jZip202CE\oC11b72rv1.exe:*:Enabled:oC11b72rv1
"C:\Program Files\Steam\steamapps\faewild\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\faewild\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C38EB05-3259-4DD3-9663-74A60C80BA4E}" = Diskeeper Home Edition
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BAC9CCE-A0F6-4A05-A8B2-1FE2F4D3E44C}" = ASUS WL-330gE Wireless AP
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C837F717-E6DC-41D1-8F97-FC07A0826AE2}" = Intel® Platform Administration Technology
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4280946-3773-490C-9A7B-1FCD0E6CB0CF}" = Intel® Integrator Assistant
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Amazon Kindle For PC" = Amazon Kindle For PC
"Audacity_is1" = Audacity 1.2.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Content Uploader" = DivX Content Uploader
"Easy GIF Animator_is1" = Easy GIF Animator 4.9
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"JTablet" = JTablet
"jZip" = jZip
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Manga Studio EX 4.0" = Manga Studio EX 4.0
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NeroVision!UninstallKey" = Nero Digital
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Setup Support for ShopToWin" = Setup Support for ShopToWin 1.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow Add-in" = Adobe ConnectNow Add-in
"Google Chrome" = Google Chrome
"KindlePreviewer" = Kindle Previewer
"MyPaint" = MyPaint 0.9.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2011 8:53:54 AM | Computer Name = CRYSTAL-E924A35 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19547

Error - 8/2/2011 8:53:56 AM | Computer Name = CRYSTAL-E924A35 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/2/2011 8:53:56 AM | Computer Name = CRYSTAL-E924A35 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21500

Error - 8/2/2011 8:53:56 AM | Computer Name = CRYSTAL-E924A35 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21500

Error - 8/3/2011 11:33:41 AM | Computer Name = CRYSTAL-E924A35 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/3/2011 11:33:48 AM | Computer Name = CRYSTAL-E924A35 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/3/2011 11:49:00 AM | Computer Name = CRYSTAL-E924A35 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.26.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2011 11:49:05 AM | Computer Name = CRYSTAL-E924A35 | Source = Application Hang | ID = 1001
Description = Fault bucket -1769855255.

Error - 8/3/2011 11:50:35 AM | Computer Name = CRYSTAL-E924A35 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.scr, version 3.2.26.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2011 11:50:37 AM | Computer Name = CRYSTAL-E924A35 | Source = Application Hang | ID = 1001
Description = Fault bucket -1747832642.

[ System Events ]
Error - 8/1/2011 5:41:53 AM | Computer Name = CRYSTAL-E924A35 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 000FB5004724.

Error - 8/1/2011 5:43:28 AM | Computer Name = CRYSTAL-E924A35 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 8/1/2011 9:47:43 PM | Computer Name = CRYSTAL-E924A35 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 000FB5004724.

Error - 8/1/2011 9:49:22 PM | Computer Name = CRYSTAL-E924A35 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 8/2/2011 4:22:08 PM | Computer Name = CRYSTAL-E924A35 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.6 on
the Network Card with network address 000FB5004724.

Error - 8/3/2011 12:51:39 AM | Computer Name = CRYSTAL-E924A35 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 8/3/2011 9:30:59 AM | Computer Name = CRYSTAL-E924A35 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 8/3/2011 10:06:41 AM | Computer Name = CRYSTAL-E924A35 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/3/2011 11:15:01 AM | Computer Name = CRYSTAL-E924A35 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 8/3/2011 11:44:58 AM | Computer Name = CRYSTAL-E924A35 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

Edited by Faewild, 03 August 2011 - 11:32 AM.

#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Faewild! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)



Could you do the following steps for me please, then get back to me with the logs that are created...


1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
  • Download aswMBR.exe (1.8 MB) to your desktop.
  • Double click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.




In your next reply, please post the contents of:
  • OTL log
  • aswMBR log

  • 0

#3
Faewild

Faewild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ah, thank you very much! Okay, here we go. In order, the OTL scan then the aswMBR scan.





OTL logfile created on: 8/3/2011 3:31:00 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cristal\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.87% Memory free
11.65 Gb Paging File | 10.44 Gb Available in Paging File | 89.64% Paging File free
Paging file location(s): C:\pagefile.sys 10046 10092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 325.83 Gb Free Space | 69.96% Space Free | Partition Type: NTFS
Drive J: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CRYSTAL-E924A35 | User Name: Cristal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 08:42:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cristal\My Documents\Downloads\OTL.exe
PRC - [2011/08/02 04:09:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/07/30 02:59:39 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/07/28 18:09:07 | 004,599,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/07/18 17:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/08 04:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/04 05:04:22 | 000,069,632 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2008/04/14 02:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 09:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/03/09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 08:42:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cristal\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/18 17:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/18 22:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/27 12:32:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/04 05:04:22 | 000,069,632 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/03/09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/06/07 20:26:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/22 18:58:48 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2009/06/22 18:58:38 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2009/06/22 18:58:24 | 000,014,504 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2009/06/22 18:58:08 | 000,023,208 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/09/18 19:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/26 22:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Cristal\My Documents\RealTemp_360\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008/07/01 12:27:44 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/30 20:00:32 | 000,395,648 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/03/03 17:27:08 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MA111nd5.sys -- (WlanUIB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-1450960922-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-527237240-1450960922-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-527237240-1450960922-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-527237240-1450960922-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-527237240-1450960922-299502267-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-527237240-1450960922-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-1450960922-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)


[2011/08/03 08:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/08 04:04:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 15:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 03:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 01:41:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 09:25:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/29 23:34:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/02 00:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/03 10:07:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-527237240-1450960922-299502267-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper® Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-527237240-1450960922-299502267-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-527237240-1450960922-299502267-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-527237240-1450960922-299502267-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-527237240-1450960922-299502267-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-527237240-1450960922-299502267-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Cristal\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1450960922-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-527237240-1450960922-299502267-1003\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.178 68.87.66.196 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Cristal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cristal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 15:00:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/21 00:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/06/27 02:12:50 | 000,000,049 | R--- | M] () - J:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell - "" = AutoRun
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2010/09/21 00:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 15:31:39 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Cristal\Desktop\aswMBR.exe
[2011/08/03 10:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\SUPERAntiSpyware.com
[2011/08/03 10:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 10:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/03 10:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/03 10:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/03 10:07:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/03 08:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/03 08:31:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/08/03 07:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Malwarebytes
[2011/08/03 07:15:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/03 07:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/03 07:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/03 07:15:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/03 07:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Crayon Physics Deluxe
[2011/07/31 00:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/27 02:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\Steam
[2011/07/26 06:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Mobipocket Reader
[2011/07/26 06:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Desktop\Zombies
[2011/07/26 06:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\Mobipocket.com
[2011/07/26 06:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2011/07/26 06:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2011/07/26 06:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\.kindle
[2011/07/25 04:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Local Settings\Application Data\gtk-2.0
[2011/07/25 04:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Local Settings\Application Data\mypaint
[2011/07/25 04:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\MyPaint
[2011/07/25 04:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\MyPaint
[2011/07/19 14:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Aleesoft
[2011/07/19 13:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\My Documents\Aiseesoft Studio
[2011/07/19 13:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Aiseesoft Studio
[2011/07/12 15:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\.minecraft
[2011/07/09 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2004/03/03 17:27:08 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys

========== Files - Modified Within 30 Days ==========

[2011/08/03 15:32:30 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Cristal\Desktop\aswMBR.exe
[2011/08/03 15:31:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE6EB0A6-C4C2-4D43-9ABA-7DB2B7477086}.job
[2011/08/03 15:04:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1450960922-299502267-1003UA.job
[2011/08/03 11:35:59 | 000,003,518 | ---- | M] () -- C:\Documents and Settings\Cristal\.recently-used.xbel
[2011/08/03 10:14:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 10:14:11 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\Yiltqfh.job
[2011/08/03 10:14:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 10:07:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/03 08:33:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/03 06:26:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 03:04:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1450960922-299502267-1003Core.job
[2011/08/03 00:58:32 | 000,065,536 | RHS- | M] () -- C:\WINDOWS\System32\pentnto.dll
[2011/08/01 03:18:56 | 000,466,314 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/01 03:18:56 | 000,080,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/31 00:09:41 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ Medieval.lnk
[2011/07/29 16:56:54 | 003,150,618 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\popo.mp3
[2011/07/26 05:42:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/25 04:34:10 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\MyPaint.lnk
[2011/07/25 04:33:41 | 000,496,037 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\ramon2.zip
[2011/07/25 04:33:01 | 008,265,939 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\mypaint-0.9.1-win32-installer.exe
[2011/07/25 03:16:39 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Cristal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 03:33:23 | 000,340,772 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\oC11b72rv1.zip
[2011/07/23 09:49:03 | 002,051,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/19 22:24:31 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\vlc-1.1.11-win32.exe
[2011/07/16 09:47:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/14 20:01:38 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\Google Chrome.lnk
[2011/07/14 20:01:38 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Cristal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 22:10:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 19:07:02 | 000,588,522 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\0101.psd
[2011/07/13 18:48:41 | 000,003,438 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\0101.png
[2011/07/13 17:37:35 | 000,005,415 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\htarsy.rtf
[2011/07/11 06:57:59 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\Shortcut to TS3W.lnk
[2011/07/10 23:15:57 | 000,026,485 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\The_Sims_3_Generations-RELOADED.6427325.TPB.torrent
[2011/07/09 10:57:09 | 004,069,101 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\PaintTool SAI English Pack.zip
[2011/07/09 04:10:13 | 000,653,152 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\yay.jpg
[2011/07/09 00:28:39 | 000,190,529 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\zombe's_modpack-v4.29_MC.beta.1.7.3.zip
[2011/07/07 18:25:14 | 000,011,956 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\MonsterBox.jar
[2011/07/07 03:04:57 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-113319.backup
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/03 11:35:59 | 000,003,518 | ---- | C] () -- C:\Documents and Settings\Cristal\.recently-used.xbel
[2011/08/03 08:33:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/08/03 00:58:33 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\Yiltqfh.job
[2011/08/03 00:58:32 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\pentnto.dll
[2011/07/31 00:09:41 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ Medieval.lnk
[2011/07/29 16:56:15 | 003,150,618 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\popo.mp3
[2011/07/29 16:27:45 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/25 04:34:10 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\MyPaint.lnk
[2011/07/25 04:33:40 | 000,496,037 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\ramon2.zip
[2011/07/25 04:32:22 | 008,265,939 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\mypaint-0.9.1-win32-installer.exe
[2011/07/24 03:48:28 | 000,350,208 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\oC11b72rv1.exe
[2011/07/24 03:33:26 | 000,340,772 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\oC11b72rv1.zip
[2011/07/19 22:22:14 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\vlc-1.1.11-win32.exe
[2011/07/13 19:07:02 | 000,588,522 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\0101.psd
[2011/07/13 18:48:40 | 000,003,438 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\0101.png
[2011/07/13 17:37:34 | 000,005,415 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\htarsy.rtf
[2011/07/11 06:57:59 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\Shortcut to TS3W.lnk
[2011/07/10 23:16:01 | 000,026,485 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\The_Sims_3_Generations-RELOADED.6427325.TPB.torrent
[2011/07/09 10:57:06 | 004,069,101 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\PaintTool SAI English Pack.zip
[2011/07/09 04:10:08 | 000,653,152 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\yay.jpg
[2011/07/09 00:28:43 | 000,190,529 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\zombe's_modpack-v4.29_MC.beta.1.7.3.zip
[2011/07/07 18:25:23 | 000,011,956 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\MonsterBox.jar
[2011/04/08 01:51:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 19:26:38 | 691,689,674 | ---- | C] () -- C:\Program Files\Smith Micro.zip
[2011/01/10 00:54:10 | 000,252,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/10 00:54:06 | 000,252,852 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/10 00:54:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/08 06:47:17 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/30 15:39:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/21 09:39:27 | 000,335,872 | ---- | C] () -- C:\WINDOWS\SetupX32.EXE
[2010/12/07 17:46:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/29 17:47:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/30 05:35:03 | 000,305,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/23 16:22:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/21 22:48:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/06/07 23:44:00 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/06/07 22:48:06 | 000,001,929 | ---- | C] () -- C:\WINDOWS\Tablet8000x6000.ini
[2010/06/07 20:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 15:10:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/05/27 15:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/27 14:56:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 13:10:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/27 13:10:06 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Cristal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 06:40:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/27 06:39:22 | 002,051,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 10:15:32 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2009/03/13 05:04:44 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2008/04/14 02:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/04/24 12:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2007/02/23 18:05:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/23 17:59:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/31 04:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/10/29 20:53:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PcHook.DLL
[2002/07/25 03:04:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,466,314 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,080,092 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/03 10:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/06/30 14:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/04/12 11:02:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/07 23:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CELSYS
[2010/06/07 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/08/03 01:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
[2010/11/07 22:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/02/11 04:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/20 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/07/19 23:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/31 00:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\.minecraft
[2011/03/04 21:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Amazon
[2010/10/04 02:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\AVG9
[2011/08/02 21:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Crayon Physics Deluxe
[2010/06/07 23:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\DAEMON Tools Lite
[2010/12/10 23:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\FoxyTunes
[2011/07/01 20:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Free Sound Recorder
[2010/07/21 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\GrabPro
[2010/06/07 20:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\InterTrust
[2010/07/06 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Laplink
[2011/07/26 06:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Mobipocket Reader
[2010/06/22 11:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\MSNInstaller
[2010/06/18 08:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\OpenOffice.org
[2010/08/13 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Orbit
[2010/06/07 23:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Smith Micro
[2010/12/20 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\SYSTEMAX Software Development
[2011/07/24 23:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\SystemRequirementsLab
[2011/08/03 06:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\uTorrent
[2010/06/08 16:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Windows Live Writer
[2011/08/03 15:31:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE6EB0A6-C4C2-4D43-9ABA-7DB2B7477086}.job
[2011/08/03 10:14:11 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\Yiltqfh.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-03 15:40:36
-----------------------------
15:40:36.489 OS Version: Windows 5.1.2600 Service Pack 3
15:40:36.489 Number of processors: 4 586 0x1C02
15:40:36.489 ComputerName: CRYSTAL-E924A35 UserName: Cristal
15:40:38.786 Initialize success
15:41:05.880 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
15:41:05.896 Disk 0 Vendor: WDC_WD5000AAKS-22V1A0 05.01D05 Size: 476940MB BusType: 3
15:41:07.958 Disk 0 MBR read successfully
15:41:07.974 Disk 0 MBR scan
15:41:07.974 Disk 0 Windows XP default MBR code
15:41:07.989 Disk 0 scanning sectors +976752000
15:41:08.036 Disk 0 scanning C:\WINDOWS\system32\drivers
15:41:12.286 Service scanning
15:41:13.568 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:41:13.614 Service Tablet2k C:\WINDOWS\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
15:41:14.255 Modules scanning
15:41:35.896 Disk 0 trace - called modules:
15:41:35.943 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spoc.sys >>UNKNOWN [0x8a3b2938]<<
15:41:35.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2ebab8]
15:41:35.974 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a3449e8]
15:41:35.989 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a2edb00]
15:41:36.005 Scan finished successfully
15:42:08.146 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cristal\Desktop\MBR.dat"
15:42:08.193 The log file has been saved successfully to "C:\Documents and Settings\Cristal\Desktop\log.txt"

#4
BlackOxide
Trusted Helper (Malware Removal, 1,976 posts)
Hey,

Thanks for the logs. Let's now go ahead and start removing some items which were found. Could you get back to me with the relevant logs at the end, please?

1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/03 10:14:11 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\Yiltqfh.job
    [2011/08/03 00:58:32 | 000,065,536 | RHS- | M] () -- C:\WINDOWS\System32\pentnto.dll
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2)
Run a fresh TDSSKiller scan by downloading the latest version

Please read carefully and follow these steps.
  • Delete your current copy of TDSSKiller and then Download a new copy from here and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

In your next reply
Please post the contents of...
OTL log
TDSSKiller log

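As an added example (not part of this thread, and not OTL's or the helper's own logic), here is a small Python triage script that parses the OTL file-entry format seen in the logs above and flags the two entries the helper moved into the fix script: a regular file carrying hidden+system attributes, a recently created System32 binary with no company name, and flagged files written within a minute of each other. The sample lines are copied from the log; the scoring rules, allowlist and time window are assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry looks like:
# [2011/08/03 00:58:32 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\pentnto.dll
#  timestamp            size          attrs  C=created/M=modified (company) path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Sample lines copied from the OTL log in this thread (benign entries mixed
# with the two the helper put in the fix script); the section header shows
# that non-entry lines are skipped.
SAMPLE_LINES = [
    r"[2011/08/03 08:33:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk",
    r"[2011/08/03 00:58:33 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\Yiltqfh.job",
    r"[2011/08/03 00:58:32 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\pentnto.dll",
    r"[2011/07/07 03:04:57 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-113319.backup",
    r"[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2011/04/08 01:51:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat",
    r"[2011/08/03 15:31:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE6EB0A6-C4C2-4D43-9ABA-7DB2B7477086}.job",
    r"[2010/05/27 15:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat",
    "========== LOP Check ==========",
]
# Scan time taken from the "OTL logfile created on" header of Run 3.
SCAN_TIME = datetime(2011, 8, 4, 20, 33, 21)

# Windows files that legitimately carry hidden+system attributes (assumed
# allowlist; extend it from your own clean baseline).
KNOWN_HS_FILES = {"desktop.ini", "thumbs.db", "pagefile.sys", "hiberfil.sys",
                  "ntldr", "boot.ini", "ntdetect.com", "io.sys", "msdos.sys"}
SYSTEM_BINARIES = (".dll", ".exe", ".sys")


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "hidden": "H" in m["attrs"],
        "system": "S" in m["attrs"],
        "is_dir": "D" in m["attrs"],
        "company": m["company"].strip(),
        "path": m["path"],
    }


def parse_otl_log(lines):
    """Parse every file entry in an iterable of OTL log lines."""
    return [e for e in map(parse_otl_line, lines) if e is not None]


def triage(entries, scan_time, recent_days=30, cluster_seconds=60):
    """Return {path: [reasons]} for entries worth a closer look.

    The rules are assumed triage heuristics, not OTL's own logic; they are
    deliberately simple and need a site-specific allowlist on real systems.
    """
    flagged = {}
    for e in entries:
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        recent = scan_time - e["ts"] <= timedelta(days=recent_days)
        reasons = []
        if (e["hidden"] and e["system"] and not e["is_dir"]
                and name not in KNOWN_HS_FILES):
            reasons.append("hidden+system attributes on a regular file")
        if (recent and not e["company"] and "\\system32\\" in low
                and low.endswith(SYSTEM_BINARIES)):
            reasons.append("recent System32 binary with no company name")
        if reasons:
            flagged[e["path"]] = reasons
    # Flagged files written within a short window of each other were very
    # likely dropped together, which is worth stating in the finding.
    hits = [e for e in entries if e["path"] in flagged]
    for a in hits:
        for b in hits:
            gap = abs((a["ts"] - b["ts"]).total_seconds())
            if a is not b and gap <= cluster_seconds:
                flagged[a["path"]].append(
                    "written within %ds of %s" % (cluster_seconds, b["path"]))
    return flagged


def triage_sample():
    """Run the heuristics over the sample lines from this thread."""
    return triage(parse_otl_log(SAMPLE_LINES), SCAN_TIME)


if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the full "Files Created" and "Files Modified" sections of a log, the same rules single out the Yiltqfh.job and pentnto.dll pair and leave the dated driver, hosts backup and feed-synchronization entries alone.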

#5
Faewild
New Member (Topic Starter, 6 posts)
OTL:

OTL logfile created on: 8/4/2011 8:33:21 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cristal\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.11% Memory free
11.65 Gb Paging File | 10.52 Gb Available in Paging File | 90.30% Paging File free
Paging file location(s): C:\pagefile.sys 10046 10092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 321.21 Gb Free Space | 68.97% Space Free | Partition Type: NTFS
Drive J: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CRYSTAL-E924A35 | User Name: Cristal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 08:42:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cristal\My Documents\Downloads\OTL.exe
PRC - [2011/08/02 04:09:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/07/30 02:59:39 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/07/28 18:09:07 | 004,599,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/07/27 01:03:22 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/18 17:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/04 05:04:22 | 000,069,632 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2008/04/14 02:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 09:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/03/09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 08:42:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cristal\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/18 17:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/18 22:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/27 12:32:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/04 05:04:22 | 000,069,632 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/03/09 15:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/06/07 20:26:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/22 18:58:48 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2009/06/22 18:58:38 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2009/06/22 18:58:24 | 000,014,504 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2009/06/22 18:58:08 | 000,023,208 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/09/18 19:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/26 22:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Cristal\My Documents\RealTemp_360\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008/07/01 12:27:44 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/30 20:00:32 | 000,395,648 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/03/03 17:27:08 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MA111nd5.sys -- (WlanUIB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cristal\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)


[2011/08/03 08:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/08 04:04:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 15:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 03:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 01:41:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 09:25:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/29 23:34:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/02 00:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/04 20:27:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper® Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Cristal\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.178 68.87.66.196 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Cristal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cristal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 15:00:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/21 00:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/06/27 02:12:50 | 000,000,049 | R--- | M] () - J:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell - "" = AutoRun
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08c03276-72ae-11df-99bb-001cc0ce11dd}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2010/09/21 00:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 20:27:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/03 10:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\SUPERAntiSpyware.com
[2011/08/03 10:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 10:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/03 10:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/03 10:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/03 10:07:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/03 08:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/03 08:31:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/08/03 07:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Malwarebytes
[2011/08/03 07:15:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/03 07:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/03 07:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/03 07:15:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/03 07:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Crayon Physics Deluxe
[2011/07/31 00:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/27 02:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\Steam
[2011/07/26 06:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\Mobipocket Reader
[2011/07/26 06:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Desktop\Zombies
[2011/07/26 06:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\Mobipocket.com
[2011/07/26 06:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2011/07/26 06:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2011/07/26 06:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\.kindle
[2011/07/25 04:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Local Settings\Application Data\gtk-2.0
[2011/07/25 04:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Local Settings\Application Data\mypaint
[2011/07/25 04:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Start Menu\Programs\MyPaint
[2011/07/25 04:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\MyPaint
[2011/07/19 14:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Aleesoft
[2011/07/19 13:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\My Documents\Aiseesoft Studio
[2011/07/19 13:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Aiseesoft Studio
[2011/07/12 15:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cristal\Application Data\.minecraft
[2011/07/09 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2004/03/03 17:27:08 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys

========== Files - Modified Within 30 Days ==========

[2011/08/04 20:41:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE6EB0A6-C4C2-4D43-9ABA-7DB2B7477086}.job
[2011/08/04 20:29:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 20:29:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 20:27:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/04 20:04:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1450960922-299502267-1003UA.job
[2011/08/04 12:28:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/04 08:26:54 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\Forsaken World.url
[2011/08/04 03:04:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1450960922-299502267-1003Core.job
[2011/08/04 00:49:09 | 001,865,450 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\color_me__rune_by_faewild-d4247v7.psd
[2011/08/03 22:07:25 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\Google Chrome.lnk
[2011/08/03 22:07:25 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Cristal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/03 11:35:59 | 000,003,518 | ---- | M] () -- C:\Documents and Settings\Cristal\.recently-used.xbel
[2011/08/03 08:33:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/03 06:26:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/01 03:18:56 | 000,466,314 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/01 03:18:56 | 000,080,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/31 00:09:41 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ Medieval.lnk
[2011/07/29 16:56:54 | 003,150,618 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\popo.mp3
[2011/07/25 04:34:10 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\MyPaint.lnk
[2011/07/25 04:33:41 | 000,496,037 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\ramon2.zip
[2011/07/25 04:33:01 | 008,265,939 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\mypaint-0.9.1-win32-installer.exe
[2011/07/25 03:16:39 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Cristal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 03:33:23 | 000,340,772 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\oC11b72rv1.zip
[2011/07/23 09:49:03 | 002,051,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/19 22:24:31 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\vlc-1.1.11-win32.exe
[2011/07/16 09:47:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/13 22:10:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 19:07:02 | 000,588,522 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\0101.psd
[2011/07/13 18:48:41 | 000,003,438 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\0101.png
[2011/07/13 17:37:35 | 000,005,415 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\htarsy.rtf
[2011/07/11 06:57:59 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\Cristal\Desktop\Shortcut to TS3W.lnk
[2011/07/10 23:15:57 | 000,026,485 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\The_Sims_3_Generations-RELOADED.6427325.TPB.torrent
[2011/07/09 10:57:09 | 004,069,101 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\PaintTool SAI English Pack.zip
[2011/07/09 04:10:13 | 000,653,152 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\yay.jpg
[2011/07/09 00:28:39 | 000,190,529 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\zombe's_modpack-v4.29_MC.beta.1.7.3.zip
[2011/07/07 18:25:14 | 000,011,956 | ---- | M] () -- C:\Documents and Settings\Cristal\My Documents\MonsterBox.jar
[2011/07/07 03:04:57 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-113319.backup
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/04 08:26:54 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\Forsaken World.url
[2011/08/04 00:27:52 | 001,865,450 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\color_me__rune_by_faewild-d4247v7.psd
[2011/08/03 11:35:59 | 000,003,518 | ---- | C] () -- C:\Documents and Settings\Cristal\.recently-used.xbel
[2011/08/03 08:33:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/31 00:09:41 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ Medieval.lnk
[2011/07/29 16:56:15 | 003,150,618 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\popo.mp3
[2011/07/29 16:27:45 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/25 04:34:10 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\MyPaint.lnk
[2011/07/25 04:33:40 | 000,496,037 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\ramon2.zip
[2011/07/25 04:32:22 | 008,265,939 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\mypaint-0.9.1-win32-installer.exe
[2011/07/24 03:48:28 | 000,350,208 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\oC11b72rv1.exe
[2011/07/24 03:33:26 | 000,340,772 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\oC11b72rv1.zip
[2011/07/19 22:22:14 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\vlc-1.1.11-win32.exe
[2011/07/13 19:07:02 | 000,588,522 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\0101.psd
[2011/07/13 18:48:40 | 000,003,438 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\0101.png
[2011/07/13 17:37:34 | 000,005,415 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\htarsy.rtf
[2011/07/11 06:57:59 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\Cristal\Desktop\Shortcut to TS3W.lnk
[2011/07/10 23:16:01 | 000,026,485 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\The_Sims_3_Generations-RELOADED.6427325.TPB.torrent
[2011/07/09 10:57:06 | 004,069,101 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\PaintTool SAI English Pack.zip
[2011/07/09 04:10:08 | 000,653,152 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\yay.jpg
[2011/07/09 00:28:43 | 000,190,529 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\zombe's_modpack-v4.29_MC.beta.1.7.3.zip
[2011/07/07 18:25:23 | 000,011,956 | ---- | C] () -- C:\Documents and Settings\Cristal\My Documents\MonsterBox.jar
[2011/04/08 01:51:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 19:26:38 | 691,689,674 | ---- | C] () -- C:\Program Files\Smith Micro.zip
[2011/01/10 00:54:10 | 000,252,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/10 00:54:06 | 000,252,852 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/10 00:54:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/08 06:47:17 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/30 15:39:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/21 09:39:27 | 000,335,872 | ---- | C] () -- C:\WINDOWS\SetupX32.EXE
[2010/12/07 17:46:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/29 17:47:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/30 05:35:03 | 000,305,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/23 16:22:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/21 22:48:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/06/07 23:44:00 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/06/07 22:48:06 | 000,001,929 | ---- | C] () -- C:\WINDOWS\Tablet8000x6000.ini
[2010/06/07 20:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 15:10:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/05/27 15:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/27 14:56:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 13:10:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/27 13:10:06 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Cristal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 06:40:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/27 06:39:22 | 002,051,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 10:15:32 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2009/03/13 05:04:44 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2008/04/14 02:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/04/24 12:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2007/02/23 18:05:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/23 17:59:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/31 04:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/10/29 20:53:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PcHook.DLL
[2002/07/25 03:04:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,466,314 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,080,092 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/03 10:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/06/30 14:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/04/12 11:02:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/07 23:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CELSYS
[2010/06/07 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/08/03 01:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
[2010/11/07 22:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/02/11 04:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/20 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/07/19 23:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/31 00:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\.minecraft
[2011/03/04 21:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Amazon
[2010/10/04 02:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\AVG9
[2011/08/02 21:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Crayon Physics Deluxe
[2010/06/07 23:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\DAEMON Tools Lite
[2010/12/10 23:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\FoxyTunes
[2011/07/01 20:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Free Sound Recorder
[2010/07/21 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\GrabPro
[2010/06/07 20:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\InterTrust
[2010/07/06 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Laplink
[2011/07/26 06:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Mobipocket Reader
[2010/06/22 11:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\MSNInstaller
[2010/06/18 08:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\OpenOffice.org
[2010/08/13 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Orbit
[2010/06/07 23:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Smith Micro
[2010/12/20 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\SYSTEMAX Software Development
[2011/07/24 23:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\SystemRequirementsLab
[2011/08/03 06:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\uTorrent
[2010/06/08 16:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cristal\Application Data\Windows Live Writer
[2011/08/04 20:41:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE6EB0A6-C4C2-4D43-9ABA-7DB2B7477086}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >

TDSS:

2011/08/04 20:42:34.0734 2760 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/04 20:42:35.0265 2760 ================================================================================
2011/08/04 20:42:35.0265 2760 SystemInfo:
2011/08/04 20:42:35.0265 2760
2011/08/04 20:42:35.0265 2760 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/04 20:42:35.0265 2760 Product type: Workstation
2011/08/04 20:42:35.0265 2760 ComputerName: CRYSTAL-E924A35
2011/08/04 20:42:35.0265 2760 UserName: Cristal
2011/08/04 20:42:35.0265 2760 Windows directory: C:\WINDOWS
2011/08/04 20:42:35.0265 2760 System windows directory: C:\WINDOWS
2011/08/04 20:42:35.0265 2760 Processor architecture: Intel x86
2011/08/04 20:42:35.0265 2760 Number of processors: 4
2011/08/04 20:42:35.0265 2760 Page size: 0x1000
2011/08/04 20:42:35.0265 2760 Boot type: Normal boot
2011/08/04 20:42:35.0265 2760 ================================================================================
2011/08/04 20:42:36.0640 2760 Initialize success
2011/08/04 20:42:46.0750 3100 ================================================================================
2011/08/04 20:42:46.0750 3100 Scan started
2011/08/04 20:42:46.0750 3100 Mode: Manual;
2011/08/04 20:42:46.0750 3100 ================================================================================
2011/08/04 20:42:48.0156 3100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/04 20:42:48.0218 3100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/04 20:42:48.0375 3100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/04 20:42:48.0421 3100 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/04 20:42:49.0046 3100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/04 20:42:49.0078 3100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/04 20:42:49.0171 3100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/04 20:42:49.0234 3100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/04 20:42:49.0328 3100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/04 20:42:49.0406 3100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/04 20:42:49.0515 3100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/04 20:42:49.0562 3100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/04 20:42:49.0625 3100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/04 20:42:50.0031 3100 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/08/04 20:42:50.0265 3100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/04 20:42:50.0375 3100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/04 20:42:50.0437 3100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/04 20:42:50.0484 3100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/04 20:42:50.0562 3100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/04 20:42:50.0718 3100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/04 20:42:50.0843 3100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/04 20:42:50.0937 3100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/04 20:42:50.0984 3100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/04 20:42:51.0046 3100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/04 20:42:51.0109 3100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/04 20:42:51.0187 3100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/04 20:42:51.0234 3100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/04 20:42:51.0296 3100 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/04 20:42:51.0343 3100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/04 20:42:51.0406 3100 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/04 20:42:51.0484 3100 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/04 20:42:51.0578 3100 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/04 20:42:51.0687 3100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/04 20:42:51.0843 3100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/08/04 20:42:51.0953 3100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/04 20:42:52.0218 3100 IntcAzAudAddService (12a9dafe2266b6fa6ddbce1847347751) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/04 20:42:52.0406 3100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/04 20:42:52.0453 3100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/04 20:42:52.0500 3100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/04 20:42:52.0546 3100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/04 20:42:52.0640 3100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/04 20:42:52.0703 3100 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/04 20:42:52.0765 3100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/04 20:42:52.0843 3100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/04 20:42:52.0937 3100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/04 20:42:52.0984 3100 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/04 20:42:53.0031 3100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/04 20:42:53.0078 3100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/04 20:42:53.0281 3100 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/04 20:42:53.0421 3100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/04 20:42:53.0500 3100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/04 20:42:53.0546 3100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/04 20:42:53.0609 3100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/04 20:42:53.0640 3100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/04 20:42:53.0718 3100 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/04 20:42:54.0375 3100 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/08/04 20:42:54.0515 3100 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/08/04 20:42:54.0593 3100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/04 20:42:54.0703 3100 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/04 20:42:54.0796 3100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/04 20:42:54.0875 3100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/04 20:42:54.0953 3100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/04 20:42:55.0000 3100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/04 20:42:55.0062 3100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/04 20:42:55.0109 3100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/04 20:42:55.0203 3100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/04 20:42:55.0250 3100 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/04 20:42:55.0312 3100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/04 20:42:55.0375 3100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/04 20:42:55.0437 3100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/04 20:42:55.0484 3100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/04 20:42:55.0546 3100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/04 20:42:55.0703 3100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/04 20:42:55.0796 3100 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/08/04 20:42:55.0875 3100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/04 20:42:55.0984 3100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/04 20:42:56.0296 3100 nv (5e640f37801f2d4152d11595218915cd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/04 20:42:56.0562 3100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/04 20:42:56.0609 3100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/04 20:42:56.0687 3100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/04 20:42:56.0750 3100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/04 20:42:56.0812 3100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/04 20:42:56.0843 3100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/04 20:42:56.0953 3100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/04 20:42:57.0015 3100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/04 20:42:57.0421 3100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/04 20:42:57.0515 3100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/04 20:42:57.0562 3100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/04 20:42:57.0609 3100 PTSimBus (c456c2db7f7d6a3112a360ddf315298b) C:\WINDOWS\system32\DRIVERS\PTSimBus.sys
2011/08/04 20:42:57.0671 3100 PTSimHid (f98bb914074a43e7e83ea98d7d13d612) C:\WINDOWS\system32\DRIVERS\PTSimHid.sys
2011/08/04 20:42:57.0718 3100 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/04 20:42:58.0062 3100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/04 20:42:58.0125 3100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/04 20:42:58.0203 3100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/04 20:42:58.0265 3100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/04 20:42:58.0343 3100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/04 20:42:58.0406 3100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/04 20:42:58.0484 3100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/04 20:42:58.0562 3100 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/04 20:42:58.0640 3100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/04 20:42:58.0734 3100 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/04 20:42:58.0843 3100 RT61 (4a46d8f482afdb37b7c8dc1a1ce515f7) C:\WINDOWS\system32\DRIVERS\RT61.sys
2011/08/04 20:42:58.0921 3100 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/04 20:42:59.0031 3100 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/04 20:42:59.0093 3100 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/04 20:42:59.0187 3100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/04 20:42:59.0281 3100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/04 20:42:59.0343 3100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/04 20:42:59.0515 3100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/04 20:42:59.0796 3100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/04 20:42:59.0906 3100 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/04 20:42:59.0906 3100 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/04 20:42:59.0921 3100 sptd - detected LockedFile.Multi.Generic (1)
2011/08/04 20:42:59.0984 3100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/04 20:43:00.0046 3100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/04 20:43:00.0156 3100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/04 20:43:00.0203 3100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/04 20:43:00.0484 3100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/04 20:43:00.0625 3100 TClass2k (9b10f2be724d8e978e21a5da498ff5c1) C:\WINDOWS\system32\DRIVERS\TClass2k.sys
2011/08/04 20:43:00.0687 3100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/04 20:43:00.0750 3100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/04 20:43:00.0796 3100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/04 20:43:00.0859 3100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/04 20:43:01.0031 3100 UCTblHid (915a53a87cf9b3bc27359846ecd6a547) C:\WINDOWS\system32\DRIVERS\UCTblHid.sys
2011/08/04 20:43:01.0109 3100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/04 20:43:01.0218 3100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/04 20:43:01.0312 3100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/04 20:43:01.0375 3100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/04 20:43:01.0421 3100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/04 20:43:01.0484 3100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/04 20:43:01.0531 3100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/04 20:43:01.0593 3100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/04 20:43:01.0671 3100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/04 20:43:01.0718 3100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/04 20:43:01.0843 3100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/04 20:43:01.0953 3100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/04 20:43:02.0015 3100 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/04 20:43:02.0109 3100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/04 20:43:02.0250 3100 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Documents and Settings\Cristal\My Documents\RealTemp_360\WinRing0.sys
2011/08/04 20:43:02.0375 3100 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
2011/08/04 20:43:02.0468 3100 WlanUIB (4ae844465723621c882e931690c2a1cb) C:\WINDOWS\system32\DRIVERS\MA111nd5.sys
2011/08/04 20:43:02.0703 3100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/04 20:43:02.0750 3100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/04 20:43:03.0015 3100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/04 20:43:03.0140 3100 Boot (0x1200) (8211278ee7aba0c15e0ba775f502adb9) \Device\Harddisk0\DR0\Partition0
2011/08/04 20:43:03.0187 3100 ================================================================================
2011/08/04 20:43:03.0187 3100 Scan finished
2011/08/04 20:43:03.0187 3100 ================================================================================
2011/08/04 20:43:03.0234 2148 Detected object count: 1
2011/08/04 20:43:03.0234 2148 Actual detected object count: 1
2011/08/04 20:43:03.0609 2148 LockedFile.Multi.Generic(sptd) - User select action: Skip




Ahh! It seems MSE is running now, I can see its icon in the corner!
  • 0

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

Ahh! It seems MSE is running now, I can see its icon in the corner!

:)



Let's now do a couple of scans to check to see if any remaining traces are still lurking...


1)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (removable) that you may have


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




2)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




In your next reply
Please post the contents of...
Kaspersky log
MBAM log

  • 0

#7
Faewild

Faewild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay~



Status: Deleted (events: 6)
8/5/2011 11:38:08 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062981.exe High
8/5/2011 11:38:08 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062981.exe//PE-Crypt.XorPE High
8/5/2011 11:38:03 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062982.exe High
8/5/2011 11:38:03 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062982.exe//PE-Crypt.XorPE High
8/5/2011 11:38:06 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062983.exe High
8/5/2011 11:38:06 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062983.exe//PE-Crypt.XorPE High



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7391

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/6/2011 12:52:36 AM
mbam-log-2011-08-06 (00-52-36).txt

Scan type: Quick scan
Objects scanned: 159583
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Great, those logs look fine. Kaspersky has found some items, but they were all located in the System Restore folders, which we will clear shortly.

How's the PC behaving now, are there still no redirects? If there are any other problems you'd like to run past me, just let me know.
  • 0
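The helper's point above, that every Kaspersky hit sat under a System Restore folder and will be dealt with by clearing restore points, is easy to check mechanically. The following is an added example, not code from this thread or from Kaspersky: a small Python parser for the "events" lines of the Kaspersky Virus Removal Tool report quoted above, which splits each hit into its fields, separates a nested object (the `//PE-Crypt.XorPE` suffix) from the file on disk, and sorts every detection by whether the file lives under `System Volume Information\_restore` (a restore-point snapshot) or on the live file system. The regex and field names are my assumptions from the three lines posted; the sample report reuses lines from the thread plus one constructed line for a live-file hit.

```python
"""Summarise Kaspersky Virus Removal Tool detection lines (added example)."""
import re
from collections import Counter

# One "events" line of the Kaspersky Virus Removal Tool report, e.g.
#   8/5/2011 11:38:08 PM Deleted Trojan program <name> <path> High
# Field layout is an assumption drawn from the lines posted in the thread.
# A "//" inside the path separates a container file from an object found
# inside it (a packer layer such as PE-Crypt.XorPE in the thread's log).
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>\S+)\s+"
    r"(?P<kind>.+?)\s+"
    r"(?P<threat>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<severity>High|Medium|Low)\s*$"
)

# Windows System Restore keeps copies of files under
# <drive>:\System Volume Information\_restore{...}\RPnnn\ ; a hit there is a
# snapshot of an old file, not something that runs on the live system, and it
# disappears when the restore points are cleared.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def parse_line(line):
    """Return a dict for a detection line, or None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    container, sep, inner = rec["path"].partition("//")
    rec["file"] = container                 # the file on disk
    rec["inner"] = inner if sep else None   # nested object, if any
    rec["location"] = "restore_point" if RESTORE_RE.search(container) else "live"
    return rec


def summarize(report_text):
    """Count detections by location and list the live (non-snapshot) files."""
    records = [r for r in map(parse_line, report_text.splitlines()) if r]
    by_location = Counter(r["location"] for r in records)
    live_files = sorted({r["file"] for r in records if r["location"] == "live"})
    return {
        "events": len(records),
        "restore_point": by_location["restore_point"],
        "live": by_location["live"],
        "distinct_files": len({r["file"] for r in records}),
        "live_files": live_files,
    }


# Sample report: the first three detection lines are taken from the log posted
# in this thread; the last line is CONSTRUCTED to show a hit outside System
# Restore (the path and file name are placeholders, not from the thread).
SAMPLE_REPORT = r"""Status: Deleted (events: 4)
8/5/2011 11:38:08 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062981.exe High
8/5/2011 11:38:08 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062981.exe//PE-Crypt.XorPE High
8/5/2011 11:38:03 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\System Volume Information\_restore{D8458933-91CE-4024-9408-7E77F558E0E2}\RP562\A0062982.exe High
8/5/2011 11:40:00 PM Deleted Trojan program Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\User\Local Settings\Temp\constructed-sample.exe High
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the three lines actually posted in the thread, `live` comes out as 0 and `distinct_files` as 3, which is the helper's reading: three old copies in one restore point, nothing on the live system. Any entry in `live_files` is the one worth a closer look, because clearing restore points will not touch it.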

#9
Faewild

Faewild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you very much! It seems to be running just fine now, and I haven't noticed any redirects!
  • 0

#10
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

Thank you very much! It seems to be running just fine now, and I haven't noticed any redirects!

No problem, you're welcome, great to hear it's now running fine.


I'll now post my cleanup steps, which will guide you through removing the tools we have used and give you some tips on staying safe.



Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected


Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR and TDSSKiller from the Desktop (if present)

2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

4)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Spyware Blaster
Spyware Blaster is a useful program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :unsure:
BlackOxide

  • 0

#11
Faewild

Faewild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All done! Thanks so much! :)
  • 0

#12
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem at all, glad it's all working fine now :)
  • 0

#13
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
