Geeks to Go
Redirect and Window Change virus

This topic is locked

#1 retired_deer (Member, 10 posts)
I recently got some malware/virus surfing the web and it is affecting many areas of my computer. I have noticed 3 distinct areas it has affected in the past few hours:

1) It redirects my site selections to yellowpages.com and a few other, stranger sites. This occurs across multiple browsers, including Firefox, IE, and Google Chrome.
2) Within minutes of restarting, it reduces my windows to the style of Windows Classic. The selection for Vista's default style disappears in Appearance.
3) My Internet privacy setting that blocks cookies is reduced to "accept all cookies" without my command.
4) I also just received an AVG block titled "Exploit Blackhole Exploit kit type 1889".

I have already tried running Malwarebytes, AVG, and Spybot, even in safe mode, without results. Any ideas on how to address this would be most appreciated.

OTL logfile created on: 9/6/2011 7:25:17 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Jeremy\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 40.96% Memory free
6.22 Gb Paging File | 4.34 Gb Available in Paging File | 69.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 28.95 Gb Free Space | 12.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.47 Gb Free Space | 64.67% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 19:16:25 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Downloads\OTL.com
PRC - [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/08/22 16:41:14 | 003,126,944 | ---- | M] () -- C:\Windows\Downloaded Program Files\CONFLICT.120\FP_AX_CAB_INSTALLER.exe
PRC - [2011/08/22 16:41:14 | 003,126,944 | ---- | M] () -- C:\Windows\Downloaded Program Files\CONFLICT.119\FP_AX_CAB_INSTALLER.exe
PRC - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/06/11 16:43:10 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 07:28:23 | 000,400,440 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 07:28:22 | 004,118,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 07:26:51 | 000,104,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 07:26:49 | 000,203,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 07:26:48 | 001,846,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 05:35:01 | 006,338,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/15 12:00:28 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/07/09 20:54:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/16 12:55:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/07/16 12:55:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/06/09 22:44:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/09 00:03:00 | 010,337,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/21 17:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/19 11:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/01/19 11:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 08:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 13:27:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 21:59:49 | 000,000,000 | ---D | M]

[2011/06/09 22:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/09/01 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions
[2011/07/16 11:46:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/08/23 04:39:18 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/05 20:59:34 | 000,002,057 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\searchplugins\youtube-video-search.xml
[2011/09/06 13:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/19 15:40:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/10 01:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/24 11:34:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\[email protected]
[2011/06/11 03:01:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/24 11:34:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: unt.edu ([ecampus] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{761996B7-DC62-4CDB-B3F6-26E264271058}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 19:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/06 11:35:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/06 00:35:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/06 00:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 00:35:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/05 15:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2011/09/05 15:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2011/09/05 01:05:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/04 11:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\1C Company
[2011/09/03 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Electronic Arts
[2011/09/01 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Saxons
[2011/09/01 18:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Druids
[2011/09/01 13:16:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\NeocoreGames
[2011/09/01 12:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\King Arthur - The Role-playing Wargame
[2011/09/01 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/09/01 12:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/09/01 11:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/09/01 08:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/08/30 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/08/30 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/08/26 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/26 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/08/26 23:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso Media
[2011/08/26 08:15:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Old stuff
[2011/08/25 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Immigration stuff
[2011/08/25 10:08:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Methods
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Quant
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1040
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Theory
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1050
[2011/08/25 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Extra
[2011/08/25 04:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\TurningPoint
[2011/08/25 04:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/08/25 04:30:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turning Technologies, LLC
[2011/08/25 04:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Turning Technologies
[2011/08/25 04:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Turning Technologies
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011/08/24 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/23 14:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Netscape
[2011/08/23 14:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Netscape
[2011/08/23 14:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2011/08/18 09:22:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Stata11
[2011/08/17 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Facebook
[2011/08/15 11:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/08/15 11:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/08/15 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/08/15 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/15 11:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/08/15 11:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011/08/15 11:21:37 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft Help
[2011/08/15 11:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/12 15:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/12 15:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/11 22:38:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Fallout3
[2011/08/11 21:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/08/10 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\HpUpdate
[2011/08/10 21:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/08/08 23:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/08/08 05:32:02 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Dropbox
[2011/08/08 05:31:19 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/08/08 05:30:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Dropbox
[2011/06/10 01:33:43 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Jeremy\AppData\Roaming\3B5IMICQOG.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/06 19:14:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 19:14:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 19:07:34 | 000,644,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/06 19:07:34 | 000,120,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/06 19:02:57 | 000,001,081 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | M] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/06 18:59:04 | 131,299,828 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/06 18:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/06 18:54:59 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/06 18:54:59 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/06 18:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/06 13:27:03 | 000,000,872 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 13:22:46 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/06 11:46:44 | 123,195,470 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/06 08:29:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 08:09:14 | 000,002,571 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/09/06 00:35:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:58:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/05 15:00:05 | 000,000,911 | ---- | M] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | M] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 22:31:57 | 000,013,312 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 12:03:59 | 000,001,023 | ---- | M] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | M] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 14:30:44 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2011/09/02 22:31:53 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄtÄt
[2011/09/01 08:02:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄUÄU
[2011/08/31 16:22:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄlÄl
[2011/08/26 23:25:34 | 000,000,975 | ---- | M] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 12:48:27 | 000,018,145 | ---- | M] () -- C:\Users\Jeremy\Desktop\Weekly Planner.ods
[2011/08/25 09:03:43 | 001,222,534 | ---- | M] () -- C:\Users\Jeremy\Desktop\eating-well-with-no-time-and-no-money.pdf
[2011/08/25 04:30:24 | 000,002,058 | ---- | M] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 02:41:41 | 000,002,613 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ĐĐ
[2011/08/25 00:05:52 | 000,000,945 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/24 23:14:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Ä8Ä8
[2011/08/24 23:11:49 | 000,405,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/19 07:15:17 | 000,001,178 | ---- | M] () -- C:\Users\Jeremy\Desktop\RPGs.lnk
[2011/08/18 13:04:44 | 000,001,272 | ---- | M] () -- C:\Users\Jeremy\Desktop\Academic books.lnk
[2011/08/15 12:00:28 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/08/13 20:53:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Ä6Ä6
[2011/08/12 15:01:04 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 22:10:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/08/09 08:41:07 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/08 05:32:02 | 000,000,944 | ---- | M] () -- C:\Users\Jeremy\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/06 19:02:57 | 000,001,081 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | C] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 13:27:03 | 000,000,872 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 13:22:46 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/06 11:46:25 | 123,195,470 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/06 00:35:06 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:00:05 | 000,000,911 | ---- | C] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | C] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 12:03:59 | 000,001,023 | ---- | C] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | C] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ÄtÄt
[2011/09/01 08:02:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ÄUÄU
[2011/08/31 16:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ÄlÄl
[2011/08/26 23:25:34 | 000,000,975 | ---- | C] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 09:03:43 | 001,222,534 | ---- | C] () -- C:\Users\Jeremy\Desktop\eating-well-with-no-time-and-no-money.pdf
[2011/08/25 04:30:24 | 000,002,058 | ---- | C] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ĐĐ
[2011/08/24 23:53:18 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/24 23:14:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Ä8Ä8
[2011/08/17 14:33:45 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/08/17 14:33:42 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/08/15 11:59:31 | 000,002,613 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/15 11:58:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/08/15 11:30:06 | 000,002,571 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/08/13 20:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Ä6Ä6
[2011/08/12 15:01:04 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/08 05:32:02 | 000,000,944 | ---- | C] () -- C:\Users\Jeremy\Desktop\Dropbox.lnk
[2011/07/19 13:06:44 | 000,157,395 | ---- | C] () -- C:\Windows\hpoins27.dat
[2011/07/19 13:06:44 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2011/07/16 12:55:45 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/07/16 12:55:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/07/13 01:10:08 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/06/29 20:29:22 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/06/29 20:29:19 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/29 20:29:19 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/06/28 16:38:06 | 000,061,440 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2011/06/24 03:09:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/24 03:09:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/21 00:38:12 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/06/21 00:38:12 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/06/21 00:38:12 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/06/19 14:54:05 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/06/12 17:08:05 | 000,000,295 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/06/09 23:33:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/06/09 22:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/09 21:21:05 | 000,000,000 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\wklnhst.dat
[2011/06/08 14:16:10 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/06/08 14:16:09 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/08 03:02:39 | 000,000,552 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d8caps.dat
[2011/06/08 02:49:26 | 000,013,312 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 02:41:36 | 000,000,680 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/04 05:16:00 | 002,059,264 | ---- | C] () -- C:\Windows\setup_rangers_2.exe
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,405,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,644,530 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,238 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/04 20:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Academagia
[2011/06/29 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\acccore
[2011/06/09 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG10
[2011/09/06 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DAEMON Tools Lite
[2011/09/06 11:33:08 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Dropbox
[2011/06/27 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\EuroTalk
[2011/06/23 15:52:48 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Foxit Software
[2011/08/26 23:27:10 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/06/12 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Leadertech
[2011/07/03 14:39:00 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Lionhead Studios
[2011/07/26 12:19:50 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\LucasArts
[2011/06/29 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\MusE
[2011/08/23 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Netscape
[2011/06/10 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\OpenOffice.org
[2011/09/05 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/08/02 14:42:14 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\ScummVM
[2011/06/23 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\TechWizard
[2011/06/09 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Template
[2011/09/06 01:48:25 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/25 04:36:09 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/07/24 04:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\UDP Software
[2011/09/06 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\uTorrent
[2011/06/25 13:16:45 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\WordWeb
[2011/09/05 15:58:02 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/06 18:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/06 19:01:32 | 000,023,958 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   86.21KB   39 downloads

Edited by retired_deer, 06 September 2011 - 07:42 PM.

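The OTL sections above are raw file listings, and triaging them by eye is slow. The script below is an added illustration, not part of the thread and not OTL's own logic: it parses OTL's `[date time | size | attributes | C/M] (company) -- path` line format and applies a few hypothetical triage heuristics (executables under user-writable profile directories, files claiming a Microsoft company string outside C:\Windows, zero-byte files in System32 with non-ASCII or extension-less names). The sample lines are copied from the log above; the heuristics are my assumptions, and a hit means "look at this by hand", not "this is malware".

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# OTL file-list line format, e.g.
#   [2011/06/10 01:33:43 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\path\file.exe
# Directory entries carry no "(company)" field:
#   [2011/08/08 23:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\...
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str               # R/H/S/D flags as OTL prints them, e.g. "-HS-"
    kind: str                # C = created, M = modified
    company: Optional[str]   # None for directories, "" when OTL found no company name
    path: str


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one OTL file entry; returns None for headers, blanks and summary lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"], m["path"])


# Hypothetical triage heuristics (assumptions for this example, not OTL's own logic).
PE_SUFFIXES = {".exe", ".dll", ".sys", ".scr"}
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\programdata\\")
SYSTEM32 = "\\windows\\system32\\"


def triage(entry: Entry) -> List[str]:
    """Return the heuristic flags that apply to one entry (empty list = nothing noteworthy)."""
    flags: List[str] = []
    if "D" in entry.attrs:
        return flags                     # directories are not scored here
    p = PureWindowsPath(entry.path)
    lower = entry.path.lower()
    if p.suffix.lower() in PE_SUFFIXES:
        if any(tok in lower for tok in USER_WRITABLE):
            flags.append("executable in a user-writable profile/data directory")
        if (entry.company and "microsoft" in entry.company.lower()
                and not lower.startswith("c:\\windows\\")):
            flags.append("claims a Microsoft company string outside C:\\Windows")
    if SYSTEM32 in lower and entry.size == 0 and (not p.name.isascii() or not p.suffix):
        flags.append("zero-byte file with non-ASCII or extension-less name in System32")
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Run the heuristics over a whole OTL dump; {path: flags} for flagged entries only."""
    report: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            report[entry.path] = flags
    return report


# Sample lines copied from the OTL log in this thread (the "*.tmp" summary line is
# deliberately included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
[2011/08/08 23:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/06/10 01:33:43 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Jeremy\AppData\Roaming\3B5IMICQOG.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2011/09/01 11:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄtÄt
[2011/08/15 12:00:28 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/08/11 22:10:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
"""

if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE_LOG).items():
        print(path)
        for f in flags:
            print("   -", f)
```

Run against the six sample lines, the script reports only the randomly named executable under AppData\Roaming and the zero-byte non-ASCII file in System32; srvany.exe and CmdLineExt.dll pass, and the summary line is skipped because it does not match the entry format. Feed it the whole OTL.Txt and widen or tighten the heuristics as your own baseline dictates.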

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say so and I'll help you out :)

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.


#3
retired_deer

    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks. This is what I got from the scan results:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-07 16:14:58
-----------------------------
16:14:58.824 OS Version: Windows 6.0.6001 Service Pack 1
16:14:58.824 Number of processors: 2 586 0xF0B
16:14:58.825 ComputerName: JEREMY-PC UserName: Jeremy
16:15:00.273 Initialize success
16:15:37.335 AVAST engine defs: 11090700
16:15:40.349 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:15:40.351 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
16:15:42.365 Disk 0 MBR read successfully
16:15:42.365 Disk 0 MBR scan
16:15:42.367 Disk 0 MBR:Alureon-G [Rtk]
16:15:42.367 Disk 0 TDL4@MBR code has been found
16:15:42.367 Disk 0 Windows VISTA default MBR code found via API
16:15:42.367 Disk 0 MBR hidden
16:15:42.367 Disk 0 MBR [TDL4] **ROOTKIT**
16:15:42.367 Disk 0 trace - called modules:
16:15:42.368 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x865e24d0]<<
16:15:42.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f16ac8]
16:15:42.368 3 CLASSPNP.SYS[8a7a0745] -> nt!IofCallDriver -> [0x85765530]
16:15:42.369 5 acpi.sys[828966a0] -> nt!IofCallDriver -> [0x8576d8e0]
16:15:42.369 \Driver\atapi[0x85f16140] -> IRP_MJ_CREATE -> 0x865e24d0
16:15:43.502 AVAST engine scan C:\Windows
16:15:48.849 AVAST engine scan C:\Windows\system32
16:18:22.648 AVAST engine scan C:\Windows\system32\drivers
16:18:34.576 AVAST engine scan C:\Users\Jeremy
16:27:26.925 Disk 0 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\MBR.dat"
16:27:26.934 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\aswMBR.txt"
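The aswMBR verdict above rests on a cross-view check: sector 0 read beneath the driver stack is compared with what the OS returns through its normal API, and the log reports that the API view carries the default Vista boot code while the real sector does not ("MBR hidden"). The Python script below is an added illustration, not part of the thread and not aswMBR's code: it parses a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries at offset 0x1BE, 0x55AA signature), hashes the boot-code region, and reports when two views of the same sector disagree. The sample sectors and their boot bytes are constructed placeholders; no real loader code is reproduced.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOTCODE_LEN = 446       # 0x000-0x1BD: boot code (plus disk signature / padding)
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE    # 0x55 0xAA


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int      # e.g. 0x07 = NTFS
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:                       # type 0 marks an unused slot
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def parse_mbr(mbr: bytes) -> dict:
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    return {
        "signature_ok": mbr[SIGNATURE_OFF:] == b"\x55\xAA",
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parse_partitions(mbr),
    }


def cross_view_diff(api_view: bytes, raw_view: bytes) -> List[str]:
    """Compare sector 0 as the OS reports it (api_view) with a read taken
    beneath the driver stack (raw_view). Identical partition tables but
    different boot code is the bootkit pattern: the machine still boots
    normally while the code that runs first is not what the OS shows."""
    a, r = parse_mbr(api_view), parse_mbr(raw_view)
    findings = []
    if a["bootcode_sha256"] != r["bootcode_sha256"]:
        findings.append("boot code differs between API view and raw read (hidden MBR)")
    if a["partitions"] != r["partitions"]:
        findings.append("partition table differs between views")
    if not r["signature_ok"]:
        findings.append("raw sector lacks the 0x55AA boot signature")
    return findings


def build_mbr(bootcode: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a sector from boot code and up to four partitions (test data only)."""
    sector = bytearray(SECTOR)
    code = bootcode[:BOOTCODE_LEN]
    sector[:len(code)] = code
    for i, p in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    sector[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed sample data. The boot-code bytes are placeholders, not real
# Windows or rootkit code; only the structure matters for the comparison.
NTFS = Partition(bootable=True, type_id=0x07, lba_start=2048, sectors=488_281_250)
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 120
TAMPERED_BOOTCODE = b"\xEB\x50" + b"\xCC" * 200

API_VIEW = build_mbr(CLEAN_BOOTCODE, [NTFS])      # what the OS hands back
RAW_VIEW = build_mbr(TAMPERED_BOOTCODE, [NTFS])   # what a low-level read sees

if __name__ == "__main__":
    for finding in cross_view_diff(API_VIEW, RAW_VIEW) or ["views agree"]:
        print(finding)
```

The comparison is the easy half. Obtaining the raw view on a live system is what specialised tools exist for: the trace in the log shows the atapi driver's IRP dispatch pointing at an address in an unnamed module, so an ordinary read request is answered by the rootkit with the clean copy. That is also why a saved MBR.dat taken from the same box should be hashed and compared against an offline read (boot media or the disk attached to a clean machine) before trusting it.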

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Your computer is currently part of the most popular botnet, TDL-4. If you want, you can read the latest news about this here. So please proceed with the following steps to get rid of it:

Step 1

  • Please re-run aswMBR.exe.
  • Click Scan.
  • On completion of the scan click the Fix button.

  • Save the log as before and post in your next reply.

Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

When completed the above, please post back the following in the order asked for:
  • aswMBR log
  • TDSSKiller log


#5
retired_deer

    Member

  • Topic Starter
  • Member
  • 10 posts
Can't seem to get this program to work anymore. Towards the end of the scan, it crashes.

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Proceed with TDSSKiller instead:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#7
retired_deer

    Member

  • Topic Starter
  • Member
  • 10 posts
Had to reboot. Here was the resulting report, with only one detected object (the rootkit I mentioned before):


2011/09/08 11:35:04.0059 5544 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/09/08 11:35:04.0427 5544 ================================================================================
2011/09/08 11:35:04.0427 5544 SystemInfo:
2011/09/08 11:35:04.0427 5544
2011/09/08 11:35:04.0428 5544 OS Version: 6.0.6001 ServicePack: 1.0
2011/09/08 11:35:04.0428 5544 Product type: Workstation
2011/09/08 11:35:04.0428 5544 ComputerName: JEREMY-PC
2011/09/08 11:35:04.0428 5544 UserName: Jeremy
2011/09/08 11:35:04.0428 5544 Windows directory: C:\Windows
2011/09/08 11:35:04.0428 5544 System windows directory: C:\Windows
2011/09/08 11:35:04.0428 5544 Processor architecture: Intel x86
2011/09/08 11:35:04.0428 5544 Number of processors: 2
2011/09/08 11:35:04.0428 5544 Page size: 0x1000
2011/09/08 11:35:04.0428 5544 Boot type: Normal boot
2011/09/08 11:35:04.0428 5544 ================================================================================
2011/09/08 11:35:06.0482 5544 Initialize success
2011/09/08 11:35:13.0126 5108 ================================================================================
2011/09/08 11:35:13.0126 5108 Scan started
2011/09/08 11:35:13.0126 5108 Mode: Manual;
2011/09/08 11:35:13.0126 5108 ================================================================================
2011/09/08 11:35:15.0409 5108 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/09/08 11:35:15.0649 5108 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/09/08 11:35:16.0061 5108 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/09/08 11:35:16.0224 5108 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/09/08 11:35:16.0518 5108 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/09/08 11:35:16.0892 5108 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/09/08 11:35:17.0151 5108 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/09/08 11:35:17.0276 5108 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/08 11:35:17.0377 5108 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/09/08 11:35:17.0480 5108 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/09/08 11:35:17.0618 5108 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/09/08 11:35:17.0740 5108 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/09/08 11:35:17.0838 5108 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/09/08 11:35:18.0193 5108 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/09/08 11:35:18.0642 5108 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/09/08 11:35:19.0048 5108 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/08 11:35:19.0365 5108 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/09/08 11:35:19.0551 5108 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys
2011/09/08 11:35:19.0932 5108 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/08 11:35:20.0402 5108 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/09/08 11:35:20.0509 5108 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/08 11:35:20.0747 5108 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/09/08 11:35:21.0073 5108 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/09/08 11:35:21.0347 5108 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/09/08 11:35:21.0619 5108 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/09/08 11:35:21.0899 5108 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/09/08 11:35:22.0568 5108 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/08 11:35:22.0950 5108 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/08 11:35:23.0284 5108 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/08 11:35:23.0510 5108 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/08 11:35:23.0828 5108 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/08 11:35:23.0870 5108 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/08 11:35:23.0927 5108 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/08 11:35:24.0351 5108 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/08 11:35:24.0656 5108 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/08 11:35:25.0374 5108 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/08 11:35:25.0732 5108 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/08 11:35:26.0233 5108 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/09/08 11:35:26.0749 5108 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/09/08 11:35:27.0257 5108 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/09/08 11:35:27.0473 5108 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/09/08 11:35:27.0568 5108 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/09/08 11:35:27.0640 5108 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/09/08 11:35:27.0861 5108 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/09/08 11:35:28.0678 5108 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/09/08 11:35:29.0054 5108 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/08 11:35:29.0261 5108 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/09/08 11:35:29.0582 5108 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/08 11:35:29.0814 5108 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/08 11:35:30.0056 5108 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/09/08 11:35:30.0150 5108 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/08 11:35:30.0532 5108 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/09/08 11:35:30.0856 5108 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/08 11:35:31.0262 5108 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/09/08 11:35:31.0583 5108 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/09/08 11:35:31.0817 5108 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/09/08 11:35:32.0075 5108 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/09/08 11:35:32.0233 5108 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/08 11:35:32.0796 5108 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/08 11:35:33.0245 5108 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/08 11:35:33.0792 5108 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/08 11:35:34.0089 5108 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/09/08 11:35:34.0550 5108 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/08 11:35:34.0921 5108 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/08 11:35:35.0405 5108 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/09/08 11:35:35.0688 5108 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/08 11:35:36.0142 5108 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/08 11:35:36.0688 5108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/08 11:35:37.0047 5108 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/08 11:35:37.0159 5108 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/09/08 11:35:37.0931 5108 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/09/08 11:35:38.0494 5108 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/09/08 11:35:38.0820 5108 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/09/08 11:35:39.0216 5108 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/09/08 11:35:39.0722 5108 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/08 11:35:40.0043 5108 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/09/08 11:35:40.0364 5108 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/08 11:35:41.0064 5108 IntcAzAudAddService (4eae74c8bcbca309a5d7cbad7e231427) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/08 11:35:41.0659 5108 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/09/08 11:35:42.0223 5108 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/08 11:35:42.0601 5108 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/08 11:35:42.0815 5108 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/08 11:35:43.0242 5108 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/08 11:35:43.0537 5108 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/08 11:35:43.0665 5108 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/09/08 11:35:43.0855 5108 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/08 11:35:44.0333 5108 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/08 11:35:44.0629 5108 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/08 11:35:44.0874 5108 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/08 11:35:45.0079 5108 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/08 11:35:45.0363 5108 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/08 11:35:45.0950 5108 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/09/08 11:35:46.0414 5108 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/08 11:35:46.0700 5108 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/08 11:35:46.0799 5108 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/08 11:35:47.0212 5108 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/08 11:35:47.0609 5108 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/08 11:35:47.0777 5108 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/09/08 11:35:48.0033 5108 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/08 11:35:48.0137 5108 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/09/08 11:35:48.0487 5108 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/08 11:35:48.0903 5108 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/08 11:35:49.0255 5108 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/08 11:35:49.0703 5108 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/08 11:35:50.0087 5108 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/08 11:35:50.0453 5108 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/09/08 11:35:50.0828 5108 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/08 11:35:50.0890 5108 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/08 11:35:51.0034 5108 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/09/08 11:35:51.0072 5108 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/09/08 11:35:51.0282 5108 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/09/08 11:35:51.0375 5108 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/08 11:35:51.0489 5108 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/08 11:35:51.0587 5108 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/08 11:35:52.0003 5108 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/09/08 11:35:52.0348 5108 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/09/08 11:35:52.0821 5108 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/08 11:35:53.0259 5108 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/08 11:35:53.0376 5108 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/08 11:35:53.0522 5108 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/08 11:35:54.0023 5108 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/08 11:35:54.0160 5108 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/09/08 11:35:54.0263 5108 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/08 11:35:54.0611 5108 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/08 11:35:54.0747 5108 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/09/08 11:35:54.0847 5108 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/08 11:35:55.0049 5108 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/09/08 11:35:55.0282 5108 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/08 11:35:55.0686 5108 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/08 11:35:55.0785 5108 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/08 11:35:56.0008 5108 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/08 11:35:56.0174 5108 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/08 11:35:56.0300 5108 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/08 11:35:56.0499 5108 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/08 11:35:56.0669 5108 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/09/08 11:35:56.0991 5108 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/08 11:35:57.0385 5108 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/09/08 11:35:57.0995 5108 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/08 11:35:58.0233 5108 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/08 11:35:58.0367 5108 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
2011/09/08 11:35:59.0427 5108 nvlddmkm (27742b94d0244bbeb9ce1c332a2577a3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/08 11:35:59.0953 5108 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/09/08 11:36:00.0429 5108 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/09/08 11:36:00.0801 5108 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/09/08 11:36:01.0416 5108 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/09/08 11:36:01.0776 5108 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/08 11:36:02.0228 5108 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/09/08 11:36:02.0643 5108 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/08 11:36:03.0535 5108 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/09/08 11:36:03.0798 5108 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/08 11:36:04.0430 5108 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/09/08 11:36:05.0117 5108 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/08 11:36:06.0306 5108 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/08 11:36:06.0596 5108 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/09/08 11:36:06.0863 5108 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/08 11:36:07.0209 5108 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/09/08 11:36:07.0572 5108 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/08 11:36:07.0814 5108 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/08 11:36:08.0039 5108 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/08 11:36:08.0379 5108 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/08 11:36:08.0629 5108 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/08 11:36:09.0208 5108 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/08 11:36:09.0794 5108 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/08 11:36:10.0003 5108 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/08 11:36:10.0187 5108 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/09/08 11:36:10.0536 5108 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/08 11:36:10.0711 5108 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/09/08 11:36:10.0997 5108 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/08 11:36:11.0156 5108 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/08 11:36:11.0696 5108 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/08 11:36:11.0935 5108 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/08 11:36:12.0087 5108 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/08 11:36:12.0294 5108 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/08 11:36:12.0402 5108 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/09/08 11:36:12.0629 5108 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/08 11:36:12.0718 5108 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/08 11:36:12.0815 5108 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/08 11:36:12.0920 5108 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/09/08 11:36:13.0325 5108 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/09/08 11:36:13.0500 5108 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/09/08 11:36:13.0583 5108 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/09/08 11:36:13.0749 5108 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/08 11:36:14.0058 5108 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/09/08 11:36:14.0194 5108 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/08 11:36:14.0321 5108 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/08 11:36:14.0512 5108 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/08 11:36:14.0614 5108 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/08 11:36:14.0664 5108 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/08 11:36:14.0774 5108 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/08 11:36:14.0944 5108 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/09/08 11:36:15.0401 5108 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/08 11:36:15.0635 5108 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/08 11:36:15.0703 5108 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/08 11:36:15.0780 5108 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/08 11:36:15.0844 5108 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/08 11:36:15.0917 5108 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/08 11:36:16.0183 5108 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/08 11:36:16.0475 5108 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/08 11:36:16.0785 5108 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/08 11:36:17.0029 5108 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/09/08 11:36:17.0388 5108 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/08 11:36:17.0507 5108 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/08 11:36:17.0541 5108 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/09/08 11:36:17.0569 5108 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/08 11:36:17.0601 5108 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/08 11:36:17.0670 5108 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/08 11:36:17.0815 5108 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/08 11:36:17.0895 5108 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/08 11:36:17.0990 5108 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/08 11:36:18.0055 5108 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/08 11:36:18.0151 5108 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/08 11:36:18.0361 5108 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/08 11:36:18.0608 5108 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/08 11:36:18.0802 5108 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/08 11:36:18.0918 5108 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/08 11:36:19.0064 5108 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/08 11:36:19.0235 5108 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/08 11:36:19.0518 5108 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/08 11:36:19.0700 5108 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/09/08 11:36:19.0857 5108 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/09/08 11:36:20.0209 5108 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/09/08 11:36:20.0344 5108 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/08 11:36:20.0752 5108 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/09/08 11:36:21.0233 5108 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/09/08 11:36:21.0450 5108 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/09/08 11:36:21.0659 5108 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/09/08 11:36:21.0811 5108 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/09/08 11:36:22.0108 5108 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/08 11:36:22.0211 5108 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/08 11:36:22.0225 5108 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/08 11:36:22.0313 5108 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/09/08 11:36:22.0595 5108 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/08 11:36:23.0017 5108 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/08 11:36:23.0287 5108 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/08 11:36:23.0609 5108 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/08 11:36:23.0992 5108 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/08 11:36:24.0160 5108 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/08 11:36:24.0395 5108 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/08 11:36:24.0460 5108 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/08 11:36:24.0465 5108 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/08 11:36:24.0503 5108 Boot (0x1200) (501c5bb883a7831cbc3a936fdf03119e) \Device\Harddisk0\DR0\Partition0
2011/09/08 11:36:24.0535 5108 Boot (0x1200) (56bb225c51fb9818efea740e164c479a) \Device\Harddisk0\DR0\Partition1
2011/09/08 11:36:24.0558 5108 ================================================================================
2011/09/08 11:36:24.0558 5108 Scan finished
2011/09/08 11:36:24.0558 5108 ================================================================================
2011/09/08 11:36:24.0570 2876 Detected object count: 1
2011/09/08 11:36:24.0570 2876 Actual detected object count: 1
2011/09/08 11:36:35.0251 2876 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/08 11:36:35.0251 2876 \Device\Harddisk0\DR0 - ok
2011/09/08 11:36:35.0252 2876 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/08 11:36:48.0774 2904 Deinitialize success

#8 Render (Trusted Helper, Malware Removal, 4,195 posts)

Here was the resulting report, with only one detected object (the rootkit I mentioned before)

It's not what you expected?

Please follow the steps below now:

Step 1

  • Double click the aswMBR.exe to re-run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Step 2

Please delete your copy of OTL.exe.

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Under the Extra Registry section, check Use SafeList.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log
  • Extras log


#9 retired_deer (Topic Starter, Member, 10 posts)
Oh, I was just being descriptive. It was what I expected. Will have the reports to you soon enough.

#10 retired_deer (Topic Starter, Member, 10 posts)
Here are the reports:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-08 12:03:30
-----------------------------
12:03:30.388 OS Version: Windows 6.0.6001 Service Pack 1
12:03:30.389 Number of processors: 2 586 0xF0B
12:03:30.390 ComputerName: JEREMY-PC UserName: Jeremy
12:03:31.872 Initialize success
12:03:40.022 AVAST engine defs: 11090700
12:05:34.174 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:05:34.174 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
12:05:36.233 Disk 0 MBR read successfully
12:05:36.249 Disk 0 MBR scan
12:05:36.249 Disk 0 Windows VISTA default MBR code
12:05:36.264 Disk 0 scanning sectors +488278016
12:05:36.420 Disk 0 scanning C:\Windows\system32\drivers
12:05:55.639 Service scanning
12:05:57.387 Modules scanning
12:06:35.716 Disk 0 trace - called modules:
12:06:35.763 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:06:35.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8552a7c8]
12:06:35.763 3 CLASSPNP.SYS[8a7a8745] -> nt!IofCallDriver -> [0x852f4898]
12:06:35.763 5 acpi.sys[8a09b6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x853108a8]
12:06:36.355 AVAST engine scan C:\Windows
12:06:40.614 AVAST engine scan C:\Windows\system32
12:08:50.874 AVAST engine scan C:\Windows\system32\drivers
12:09:03.307 AVAST engine scan C:\Users\Jeremy
13:00:01.994 AVAST engine scan C:\ProgramData
15:30:28.023 Scan finished successfully
16:16:33.045 Disk 0 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\MBR.dat"
16:16:33.060 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\aswMBR.txt"

OTL logfile created on: 9/8/2011 4:18:29 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Jeremy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 45.92% Memory free
6.23 Gb Paging File | 4.85 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 26.02 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.47 Gb Free Space | 64.67% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 12:01:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/06/11 16:43:10 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2011/08/15 12:00:28 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/07/09 20:54:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/16 12:55:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/07/16 12:55:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/06/09 22:44:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/09 00:03:00 | 010,337,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/21 17:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/19 11:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/01/19 11:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 08:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 13:27:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 21:59:49 | 000,000,000 | ---D | M]

[2011/06/09 22:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/09/01 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions
[2011/07/16 11:46:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/08/23 04:39:18 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/05 20:59:34 | 000,002,057 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\searchplugins\youtube-video-search.xml
[2011/09/06 13:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/19 15:40:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/10 01:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/24 11:34:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\[email protected]
[2011/06/11 03:01:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/24 11:34:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\..Trusted Domains: unt.edu ([ecampus] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{761996B7-DC62-4CDB-B3F6-26E264271058}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 12:01:30 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/09/07 22:14:05 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\TDSSKiller.exe
[2011/09/07 16:14:46 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jeremy\Desktop\aswMBR.exe
[2011/09/06 22:32:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/06 22:32:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/06 22:32:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/06 22:32:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/06 22:32:40 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/06 22:27:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/06 19:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/06 11:35:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/06 00:35:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/06 00:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 00:35:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/05 15:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2011/09/05 15:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2011/09/05 01:05:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/04 11:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\1C Company
[2011/09/03 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Electronic Arts
[2011/09/01 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Saxons
[2011/09/01 18:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Druids
[2011/09/01 13:16:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\NeocoreGames
[2011/09/01 12:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\King Arthur - The Role-playing Wargame
[2011/09/01 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/09/01 12:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/09/01 11:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/09/01 08:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/08/30 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/08/30 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/08/26 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/26 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/08/26 23:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso Media
[2011/08/26 08:15:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Old stuff
[2011/08/25 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Immigration stuff
[2011/08/25 10:08:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Methods
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Quant
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1040
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Theory
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1050
[2011/08/25 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Extra
[2011/08/25 08:39:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/25 08:39:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/25 08:39:45 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/25 08:39:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/25 08:39:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/25 08:39:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/25 08:39:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/25 08:39:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/25 08:39:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/25 08:39:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/25 08:39:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/25 08:39:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/25 08:39:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/25 08:39:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/25 08:39:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/25 08:39:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/25 08:39:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/25 04:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\TurningPoint
[2011/08/25 04:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/08/25 04:30:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turning Technologies, LLC
[2011/08/25 04:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Turning Technologies
[2011/08/25 04:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Turning Technologies
[2011/08/24 23:51:47 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/24 23:51:47 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/24 23:51:47 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/24 23:51:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/24 23:51:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/08/24 23:51:46 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/24 23:51:46 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/24 23:51:46 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/24 23:51:46 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/24 23:51:46 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/24 23:51:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/24 23:51:45 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/08/24 23:51:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/24 23:51:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/24 23:51:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/24 23:51:44 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/24 23:51:44 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/24 23:51:43 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/24 23:51:43 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/24 23:51:43 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/08/24 23:51:43 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/24 23:51:43 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/24 23:51:43 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011/08/24 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/23 14:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Netscape
[2011/08/23 14:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2011/08/18 09:22:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Stata11
[2011/08/17 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Facebook
[2011/08/15 11:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/08/15 11:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/08/15 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/08/15 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/15 11:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/08/15 11:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011/08/15 11:21:37 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft Help
[2011/08/15 11:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/12 15:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/12 15:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/11 22:38:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Fallout3
[2011/08/11 21:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/08/10 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\HpUpdate
[2011/08/10 21:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/06/10 01:33:43 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Jeremy\AppData\Roaming\3B5IMICQOG.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 16:16:33 | 000,000,512 | ---- | M] () -- C:\Users\Jeremy\Desktop\MBR.dat
[2011/09/08 15:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/08 15:58:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/08 15:38:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 15:38:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 15:29:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 12:01:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/09/08 11:43:39 | 000,644,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/08 11:43:39 | 000,120,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/08 11:38:43 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/08 11:38:42 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/08 11:38:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 11:38:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 11:38:07 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 10:16:16 | 000,014,336 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 21:51:02 | 131,425,651 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/07 21:46:30 | 319,658,734 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/07 16:14:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jeremy\Desktop\aswMBR.exe
[2011/09/06 19:42:52 | 000,405,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\TDSSKiller.exe
[2011/09/06 19:02:57 | 000,001,081 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | M] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 13:27:03 | 000,000,872 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 08:09:14 | 000,002,571 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/09/06 00:35:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:00:05 | 000,000,911 | ---- | M] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | M] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 12:03:59 | 000,001,023 | ---- | M] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | M] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 14:30:44 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\The Sims Medieval.lnk
[2011/09/02 22:31:53 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\tt
[2011/09/01 08:02:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\UU
[2011/08/31 16:22:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ll
[2011/08/26 23:25:34 | 000,000,975 | ---- | M] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 12:48:27 | 000,018,145 | ---- | M] () -- C:\Users\Jeremy\Desktop\Weekly Planner.ods
[2011/08/25 04:30:24 | 000,002,058 | ---- | M] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 02:41:41 | 000,002,613 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ĐĐ
[2011/08/25 00:05:52 | 000,000,945 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/24 23:14:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\88
[2011/08/24 11:34:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/24 11:34:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/24 11:34:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/24 11:34:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/19 07:15:17 | 000,001,178 | ---- | M] () -- C:\Users\Jeremy\Desktop\RPGs.lnk
[2011/08/18 13:04:44 | 000,001,272 | ---- | M] () -- C:\Users\Jeremy\Desktop\Academic books.lnk
[2011/08/15 12:00:28 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/08/13 20:53:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\66
[2011/08/12 15:01:04 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 22:10:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 16:16:33 | 000,000,512 | ---- | C] () -- C:\Users\Jeremy\Desktop\MBR.dat
[2011/09/06 22:32:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/06 22:32:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/06 22:32:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/06 22:32:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/06 22:32:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/06 19:02:57 | 000,001,081 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | C] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 13:27:03 | 000,000,872 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 13:22:46 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/06 11:46:25 | 319,658,734 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/06 00:35:06 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:00:05 | 000,000,911 | ---- | C] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | C] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 12:03:59 | 000,001,023 | ---- | C] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | C] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\The Sims Medieval.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tt
[2011/09/01 08:02:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\UU
[2011/08/31 16:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ll
[2011/08/26 23:25:34 | 000,000,975 | ---- | C] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 04:30:24 | 000,002,058 | ---- | C] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ĐĐ
[2011/08/24 23:53:18 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/24 23:14:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\88
[2011/08/17 14:33:45 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/08/17 14:33:42 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/08/15 11:59:31 | 000,002,613 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/15 11:58:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/08/15 11:30:06 | 000,002,571 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/08/13 20:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\66
[2011/08/12 15:01:04 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/19 13:06:44 | 000,157,395 | ---- | C] () -- C:\Windows\hpoins27.dat
[2011/07/19 13:06:44 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2011/07/16 12:55:45 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/07/16 12:55:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/07/13 01:10:08 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/06/29 20:29:22 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/06/29 20:29:19 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/29 20:29:19 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/06/28 16:38:06 | 000,061,440 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2011/06/24 03:09:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/24 03:09:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/21 00:38:12 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/06/21 00:38:12 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/06/21 00:38:12 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/06/19 14:54:05 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/06/12 17:08:05 | 000,000,295 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/06/09 23:33:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/06/09 22:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/09 21:21:05 | 000,000,000 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\wklnhst.dat
[2011/06/08 14:16:10 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/06/08 14:16:09 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/08 03:02:39 | 000,000,552 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d8caps.dat
[2011/06/08 02:49:26 | 000,014,336 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 02:41:36 | 000,000,680 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/04 05:16:00 | 002,059,264 | ---- | C] () -- C:\Windows\setup_rangers_2.exe
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,405,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,644,530 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,238 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/04 20:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Academagia
[2011/06/29 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\acccore
[2011/06/09 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG10
[2011/07/16 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\BoneTown
[2011/09/06 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DAEMON Tools Lite
[2011/09/06 11:33:08 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Dropbox
[2011/06/27 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\EuroTalk
[2011/06/23 15:52:48 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Foxit Software
[2011/08/26 23:27:10 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/06/12 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Leadertech
[2011/06/29 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\MusE
[2011/06/10 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\OpenOffice.org
[2011/09/05 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/06/23 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\TechWizard
[2011/06/09 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Template
[2011/09/08 11:31:10 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/25 04:36:09 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/07/24 04:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\UDP Software
[2011/09/08 16:19:08 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\uTorrent
[2011/06/25 13:16:45 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\WordWeb
[2011/09/08 15:58:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/08 15:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/08 11:37:18 | 000,027,022 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2011/06/10 02:52:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/06/10 02:51:59 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/06/10 03:41:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/06/10 03:41:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/06/10 02:52:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2011/06/10 02:53:59 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2011/06/10 02:54:00 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2011/06/10 02:54:00 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< End of report >



OTL Extras logfile created on: 9/8/2011 4:18:29 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Jeremy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 45.92% Memory free
6.23 Gb Paging File | 4.85 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 26.02 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.47 Gb Free Space | 64.67% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1459413813-269195189-3691727679-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A29D7A2-37C6-4775-8BEE-15E70DC4BF0E}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{8D914AF6-1059-4730-BAD3-DA1BD6F22465}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{ABD710C2-0976-4C25-85C9-BEAD05AF5515}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{DF140AFF-5215-4A3E-96D3-7BDBA0717729}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03098AAE-9AA9-4E2B-9FE7-2072D324BFA8}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{0E2429C5-D93B-41B9-884E-7CDC68D594CD}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{127373C2-41CA-4549-9001-8A44B2B65D3B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{14E96E93-8B86-4F76-88BB-D619944F288E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{183AEBAA-A124-4A47-8A8E-84D2B080D97A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B9A460D-7203-4246-9D9A-B5A4DFD3A49C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{331EF430-567A-42DA-892F-FA4E51702609}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3A79CD1A-5A31-4A7B-83A6-94E3970D6B9D}" = protocol=6 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{3EDD8C45-DDC2-433B-95B2-14FDEDC21232}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{3F51A771-18D9-451A-9860-2C71C5D57CB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{48A3ABAF-F588-4940-9058-436389F68D6D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{5AB457E3-9AD8-494A-9D92-759C994E2F3E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7BC4D946-7A1E-4E14-ADDB-E8FC2FAAB110}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{7E02A163-E650-49BE-8CE5-3E4F3425ED12}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8974F639-60DC-414B-B56B-C67F21B6CC76}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9FC97C66-AE79-42BB-A604-1D68F7C4EDF6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A0CE5FE0-EFA3-4A7F-B4C0-CB61B53A7338}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{A490127B-95F3-4BA6-AE31-C7314E135007}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A83B09BA-9B0F-4219-94E3-40C5B5697F79}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{ABA41DA1-2A41-4F36-BE2B-F1A8E54A53F0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AD44FEAE-3F20-4225-919D-36EFA0C570C5}" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\roaming\dropbox\bin\dropbox.exe |
"{C1AE8EF7-F517-488B-971A-6026DF3D590E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{CF4C34EB-613B-4746-9992-03666715CFEC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DD8A2E6E-5447-4B73-B3ED-3BD600F86B2F}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{DE783FAD-4C94-451C-B5AC-7C4287840E66}" = protocol=17 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{E98F8A84-4D70-4DC1-B94A-620B66532535}" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED718D15-05C1-47E8-8318-3C9C47C26A76}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F2515A3C-0042-472A-B80E-DB6B55A247C7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F593207E-7A4A-49F0-938B-31FD4B5F94DF}" = dir=in | app=c:\users\jeremy\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FBD2CC5F-01AC-4142-BB5B-0D3588478C51}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{47FCDC32-E28C-470A-A4BD-A7739999E39F}F:\techwizard.exe" = protocol=6 | dir=in | app=f:\techwizard.exe |
"TCP Query User{65C912B7-1E8F-46CE-9E1A-8FD37FFE3255}C:\program files\gretech\gomplayer\gom.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomplayer\gom.exe |
"UDP Query User{4070ED84-1B90-4989-A015-244B467C5340}C:\program files\gretech\gomplayer\gom.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomplayer\gom.exe |
"UDP Query User{44E32166-34C9-4430-80EC-35F3EFFAA57B}F:\techwizard.exe" = protocol=17 | dir=in | app=f:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018304}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018305}" = Fable III
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A087967A-C8BA-4CA8-A3D1-FB99EEFDF739}" = IHA_MessageCenter
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}" = TurningPoint 2008
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype 5.3
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass (10/16/2006 1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"DAEMON Tools Lite" = DAEMON Tools Lite
"Foxit Reader_is1" = Foxit Reader 5.0
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"King Arthur - The Role-playing Wargame: The Saxons_is1" = King Arthur - The Role-playing Wargame: The Saxons
"King Arthur - The Role-playing Wargame_is1" = King Arthur - The Role-playing Wargame: The Druids
"Kings Bounty Armored Princess_is1" = King's Bounty: Crossworlds
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"President Forever 2008 + Primaries_is1" = President Forever 2008 + Primaries - v. 1.00.6.6
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"PunkBusterSvc" = PunkBuster Services
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Space Rangers 2" = 1C Company\Space Rangers 2 - Reboot Add-on
"Universal Extractor_is1" = Universal Extractor 1.6.1
"uTorrent" = Torrent
"VLC media player" = VLC media player 1.1.10
"WindowsFrotz" = Windows Frotz
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WordWeb" = WordWeb Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1459413813-269195189-3691727679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Dropbox" = Dropbox
"Tropico 4" = Tropico 4 1.00

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Are you still getting the redirects?

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please right click on OTL.exe on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    O3 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/09/01 11:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\tt
    [2011/09/01 08:02:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\UU
    [2011/08/31 16:22:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ll
    [2011/08/25 00:06:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\??
    [2011/08/24 23:14:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\88
    [2011/08/13 20:53:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\66

    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • OTL scan log


#12
retired_deer

    Member

  • Topic Starter
  • Member
  • 10 posts
I haven't gotten a redirect after that. Should I still run the OTL?

#13
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes please.

#14
retired_deer

    Member

  • Topic Starter
  • Member
  • 10 posts
Here is the fix and scan log.


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1459413813-269195189-3691727679-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Windows\System32\tt moved successfully.
C:\Windows\System32\UU moved successfully.
C:\Windows\System32\ll moved successfully.
File C:\Windows\System32\?? not found.
C:\Windows\System32\88 moved successfully.
C:\Windows\System32\66 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jeremy\Desktop\cmd.bat deleted successfully.
C:\Users\Jeremy\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeremy
->Temp folder emptied: 45564463 bytes
->Temporary Internet Files folder emptied: 47904873 bytes
->Java cache emptied: 7667730 bytes
->FireFox cache emptied: 441946432 bytes
->Google Chrome cache emptied: 287843309 bytes
->Flash cache emptied: 8956 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144231046 bytes
RecycleBin emptied: 24672718 bytes

Total Files Cleaned = 954.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jeremy
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.27.0 log created on 09082011_174153

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




OTL logfile created on: 9/8/2011 4:18:29 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Jeremy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 45.92% Memory free
6.23 Gb Paging File | 4.85 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 26.02 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.47 Gb Free Space | 64.67% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 12:01:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/06/11 16:43:10 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2011/08/15 12:00:28 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/07/09 20:54:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/16 12:55:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/07/16 12:55:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/06/09 22:44:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/09 00:03:00 | 010,337,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/21 17:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/19 11:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/01/19 11:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 08:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 13:27:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 21:59:49 | 000,000,000 | ---D | M]

[2011/06/09 22:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/09/01 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions
[2011/07/16 11:46:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/08/23 04:39:18 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/05 20:59:34 | 000,002,057 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\searchplugins\youtube-video-search.xml
[2011/09/06 13:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/19 15:40:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/10 01:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/24 11:34:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\[email protected]
[2011/06/11 03:01:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/24 11:34:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1459413813-269195189-3691727679-1000\..Trusted Domains: unt.edu ([ecampus] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{761996B7-DC62-4CDB-B3F6-26E264271058}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 12:01:30 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/09/07 22:14:05 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\TDSSKiller.exe
[2011/09/07 16:14:46 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jeremy\Desktop\aswMBR.exe
[2011/09/06 22:32:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/06 22:32:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/06 22:32:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/06 22:32:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/06 22:32:40 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/06 22:27:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/06 19:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/06 11:35:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/06 00:35:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/06 00:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 00:35:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/05 15:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2011/09/05 15:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2011/09/05 01:05:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/04 11:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\1C Company
[2011/09/03 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Electronic Arts
[2011/09/01 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Saxons
[2011/09/01 18:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Druids
[2011/09/01 13:16:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\NeocoreGames
[2011/09/01 12:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\King Arthur - The Role-playing Wargame
[2011/09/01 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/09/01 12:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/09/01 11:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/09/01 08:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/08/30 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/08/30 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/08/26 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/26 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/08/26 23:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso Media
[2011/08/26 08:15:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Old stuff
[2011/08/25 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Immigration stuff
[2011/08/25 10:08:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Methods
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Quant
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1040
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Theory
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1050
[2011/08/25 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Extra
[2011/08/25 08:39:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/25 08:39:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/25 08:39:45 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/25 08:39:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/25 08:39:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/25 08:39:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/25 08:39:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/25 08:39:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/25 08:39:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/25 08:39:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/25 08:39:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/25 08:39:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/25 08:39:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/25 08:39:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/25 08:39:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/25 08:39:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/25 08:39:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/25 04:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\TurningPoint
[2011/08/25 04:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/08/25 04:30:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turning Technologies, LLC
[2011/08/25 04:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Turning Technologies
[2011/08/25 04:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Turning Technologies
[2011/08/24 23:51:47 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/24 23:51:47 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/24 23:51:47 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/24 23:51:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/24 23:51:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/08/24 23:51:46 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/24 23:51:46 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/24 23:51:46 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/24 23:51:46 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/24 23:51:46 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/24 23:51:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/24 23:51:45 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/08/24 23:51:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/24 23:51:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/24 23:51:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/24 23:51:44 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/24 23:51:44 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/24 23:51:43 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/24 23:51:43 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/24 23:51:43 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/08/24 23:51:43 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/24 23:51:43 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/24 23:51:43 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011/08/24 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/23 14:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Netscape
[2011/08/23 14:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2011/08/18 09:22:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Stata11
[2011/08/17 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Facebook
[2011/08/15 11:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/08/15 11:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/08/15 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/08/15 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/15 11:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/08/15 11:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011/08/15 11:21:37 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft Help
[2011/08/15 11:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/12 15:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/12 15:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/11 22:38:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Fallout3
[2011/08/11 21:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/08/10 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\HpUpdate
[2011/08/10 21:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/06/10 01:33:43 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Jeremy\AppData\Roaming\3B5IMICQOG.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 16:16:33 | 000,000,512 | ---- | M] () -- C:\Users\Jeremy\Desktop\MBR.dat
[2011/09/08 15:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/08 15:58:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/08 15:38:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 15:38:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 15:29:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 12:01:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/09/08 11:43:39 | 000,644,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/08 11:43:39 | 000,120,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/08 11:38:43 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/08 11:38:42 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/08 11:38:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 11:38:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 11:38:07 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 10:16:16 | 000,014,336 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 21:51:02 | 131,425,651 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/07 21:46:30 | 319,658,734 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/07 16:14:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jeremy\Desktop\aswMBR.exe
[2011/09/06 19:42:52 | 000,405,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\TDSSKiller.exe
[2011/09/06 19:02:57 | 000,001,081 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | M] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 13:27:03 | 000,000,872 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 08:09:14 | 000,002,571 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/09/06 00:35:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:00:05 | 000,000,911 | ---- | M] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | M] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 12:03:59 | 000,001,023 | ---- | M] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | M] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 14:30:44 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\The Sims Medieval.lnk
[2011/09/02 22:31:53 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\tt
[2011/09/01 08:02:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\UU
[2011/08/31 16:22:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ll
[2011/08/26 23:25:34 | 000,000,975 | ---- | M] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 12:48:27 | 000,018,145 | ---- | M] () -- C:\Users\Jeremy\Desktop\Weekly Planner.ods
[2011/08/25 04:30:24 | 000,002,058 | ---- | M] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 02:41:41 | 000,002,613 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ĐĐ
[2011/08/25 00:05:52 | 000,000,945 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/24 23:14:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\88
[2011/08/24 11:34:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/24 11:34:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/24 11:34:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/24 11:34:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/19 07:15:17 | 000,001,178 | ---- | M] () -- C:\Users\Jeremy\Desktop\RPGs.lnk
[2011/08/18 13:04:44 | 000,001,272 | ---- | M] () -- C:\Users\Jeremy\Desktop\Academic books.lnk
[2011/08/15 12:00:28 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/08/13 20:53:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\66
[2011/08/12 15:01:04 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 22:10:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 16:16:33 | 000,000,512 | ---- | C] () -- C:\Users\Jeremy\Desktop\MBR.dat
[2011/09/06 22:32:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/06 22:32:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/06 22:32:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/06 22:32:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/06 22:32:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/06 19:02:57 | 000,001,081 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | C] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 13:27:03 | 000,000,872 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 13:22:46 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/06 11:46:25 | 319,658,734 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/06 00:35:06 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:00:05 | 000,000,911 | ---- | C] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | C] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 12:03:59 | 000,001,023 | ---- | C] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | C] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\The Sims Medieval.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tt
[2011/09/01 08:02:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\UU
[2011/08/31 16:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ll
[2011/08/26 23:25:34 | 000,000,975 | ---- | C] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 04:30:24 | 000,002,058 | ---- | C] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ĐĐ
[2011/08/24 23:53:18 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/24 23:14:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\88
[2011/08/17 14:33:45 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/08/17 14:33:42 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/08/15 11:59:31 | 000,002,613 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/15 11:58:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/08/15 11:30:06 | 000,002,571 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/08/13 20:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\66
[2011/08/12 15:01:04 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/19 13:06:44 | 000,157,395 | ---- | C] () -- C:\Windows\hpoins27.dat
[2011/07/19 13:06:44 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2011/07/16 12:55:45 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/07/16 12:55:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/07/13 01:10:08 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/06/29 20:29:22 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/06/29 20:29:19 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/29 20:29:19 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/06/28 16:38:06 | 000,061,440 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2011/06/24 03:09:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/24 03:09:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/21 00:38:12 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/06/21 00:38:12 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/06/21 00:38:12 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/06/19 14:54:05 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/06/12 17:08:05 | 000,000,295 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/06/09 23:33:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/06/09 22:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/09 21:21:05 | 000,000,000 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\wklnhst.dat
[2011/06/08 14:16:10 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/06/08 14:16:09 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/08 03:02:39 | 000,000,552 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d8caps.dat
[2011/06/08 02:49:26 | 000,014,336 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 02:41:36 | 000,000,680 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/04 05:16:00 | 002,059,264 | ---- | C] () -- C:\Windows\setup_rangers_2.exe
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,405,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,644,530 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,238 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/04 20:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Academagia
[2011/06/29 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\acccore
[2011/06/09 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG10
[2011/07/16 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\BoneTown
[2011/09/06 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DAEMON Tools Lite
[2011/09/06 11:33:08 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Dropbox
[2011/06/27 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\EuroTalk
[2011/06/23 15:52:48 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Foxit Software
[2011/08/26 23:27:10 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/06/12 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Leadertech
[2011/06/29 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\MusE
[2011/06/10 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\OpenOffice.org
[2011/09/05 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/06/23 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\TechWizard
[2011/06/09 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Template
[2011/09/08 11:31:10 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/25 04:36:09 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/07/24 04:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\UDP Software
[2011/09/08 16:19:08 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\uTorrent
[2011/06/25 13:16:45 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\WordWeb
[2011/09/08 15:58:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/08 15:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/08 11:37:18 | 000,027,022 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2011/06/10 02:52:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/06/10 02:51:59 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/06/10 03:41:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/06/10 03:41:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/06/10 02:52:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2011/06/10 02:53:59 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2011/06/10 02:54:00 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2011/06/10 02:54:00 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 01:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Good. Please follow these steps:

Step 1

Using Windows Explorer, please delete the following folder manually:

C:\Windows\System32\ĐĐ


Step 2

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download AVPTool from Here to your desktop.
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named).

First, we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.
(Please be patient, as this scan can take a few hours.)

Allow AVP to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload, and attach it to your next post.
  • 0
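The OTL "startmenuinternet" lines posted above are where a browser hijack that redirects every browser would show up as a changed launch command. As an added example (not code from this thread, from OTL or from the helper), the following Python parser reads lines in that format and flags launch commands whose executable sits outside Program Files or Windows, that carry a switch not seen on the clean entries above, or that report no company name; the switch allowlist is an assumption drawn from the posted log, and the third sample line is a constructed anomaly, not from the poster's machine.

```python
# Audit OTL 'startmenuinternet' lines for hijacked browser launch commands. Added
# example, not code from this thread or OTL; allowlist and third SAMPLE line are constructed.
import re

LINE_RE = re.compile(
    r"^(?P<key>HKEY_[^:]+?)\\\\(?P<name>[^:]*): (?P<data>.*) "
    r"\[(?P<date>[^|]+) \| (?P<size>[^|]+) \| (?P<attrs>[^|]+) \| (?P<flag>[^\]]+)\] "
    r"\((?P<company>[^)]*)\)$")
# Switches seen on the clean entries in the log above (assumption: nothing else is expected).
KNOWN_ARGS = {"", "-preferences", "-safe-mode", "--show-icons", "--hide-icons",
              "--make-default-browser", "-hide", "-show", "-reinstall", "-extoff",
              "/hideshortcuts", "/showshortcuts", "/setasdefaultappglobal"}
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\")
# Constructed sample: two lines copied from the posted log plus one invented anomaly.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 01:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Jeremy\AppData\Local\Temp\iexplore.exe" http://example.invalid/ [2011/09/06 19:00:00 | 000,045,056 | ---- | M] ()
"""

def parse_line(line):
    """Split one OTL registry line into key, value name, executable, arguments and file info."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    data = entry["data"]
    if data.startswith('"'):                     # quoted path, then switches
        exe, _, args = data[1:].partition('"')
    else:                                        # unquoted path runs up to '.exe'
        idx = data.lower().find(".exe") + 4
        exe, args = (data[:idx], data[idx:]) if idx > 3 else (data, "")
    entry["exe"], entry["args"] = exe, args.strip()
    return entry

def suspicious(entry):
    """Reasons this launch command deserves a look; an empty list means it looks clean."""
    reasons = []
    if not entry["exe"].lower().startswith(TRUSTED_DIRS):
        reasons.append("executable outside Program Files / Windows")
    if entry["args"].lower() not in KNOWN_ARGS:
        reasons.append("unexpected argument: %r" % entry["args"])
    if not entry["company"]:                     # OTL prints () when version info is missing
        reasons.append("no company name in version info")
    return reasons

def audit(log_text):
    """Map each suspicious registry value (key\\name) to its list of reasons."""
    return {(e["key"] + "\\" + e["name"]).rstrip("\\"): r for e in
            map(parse_line, log_text.splitlines()) if e for r in [suspicious(e)] if r}
```

Running `audit(SAMPLE)` reports only the constructed IE entry, with all three reasons; paste a full OTL section in place of SAMPLE to check a real log.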