Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

ive been told i have viruses

Started by confusled , Sep 13 2011 07:09 PM

This topic is locked

#1
confusled

Posted 13 September 2011 - 07:09 PM

New Member

Member
6 posts

one of my IT freinds told me there are alot of viruses and malware programs hiding on my computer and i have Norton which ive been told isnt that great so i download microsoft security essentials scan and it picked up a few things but the computer still doesnt work well. some problems are:
-the computer runs extremly slow in regular windows and internet explorer
-programs like windows explorer and internet explorer will randomly stop responding
-the computer local disk space is almost full yet there doesnt seem to be much in there
my freinds says the first step to fixing this is to remove the viruses how do i do that though?

#2
confusled

Posted 13 September 2011 - 07:27 PM

New Member

Topic Starter
Member
6 posts

OTL logfile created on: 9/13/2011 9:21:47 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 39.78% Memory free
5.88 Gb Paging File | 4.14 Gb Available in Paging File | 70.47% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.95 Gb Total Space | 35.38 Gb Free Space | 16.01% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.86 Gb Free Space | 15.55% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 0.57 Gb Free Space | 15.22% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 21:12:40 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/01 16:34:35 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/23 10:36:41 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/10/04 16:43:35 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2010/10/04 16:43:35 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/11/12 19:44:06 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\User\Program Files\DNA\btdna.exe
PRC - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/07/13 20:36:10 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/14 09:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007/09/15 04:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/06/11 20:27:26 | 000,029,616 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.exe
PRC - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/07/04 12:20:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3e1c184b683c96ec23c1cf22aec704d9\System.Runtime.Remoting.ni.dll
MOD - [2011/07/04 12:20:33 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\9e5583324c4659b40b4b440fb1a9e639\System.Web.ni.dll
MOD - [2011/07/04 12:19:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\af6f706cdcf02a312a9a339c20a8dbfb\System.Configuration.ni.dll
MOD - [2011/07/04 12:18:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll
MOD - [2011/07/04 12:17:46 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4d5fc62cbae71aae3cf1fa90446920ef\System.Windows.Forms.ni.dll
MOD - [2011/07/04 12:17:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\daf35d9703895998bae9efd6d23be282\System.Drawing.ni.dll
MOD - [2011/07/04 12:16:34 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll
MOD - [2011/07/04 12:16:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/06/17 12:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 12:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 12:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/09/30 23:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/09/30 23:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/09/30 23:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/09/30 23:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/09/30 23:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/06/11 20:27:26 | 000,029,616 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.exe
MOD - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.UtilCommand1.dll
MOD - [2007/05/30 06:12:16 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.UtilCommand2.dll
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:12:14 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.GuiEngineBase.ControlLibBase.dll
MOD - [2007/05/30 06:12:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.GuiEngineBase.dll
MOD - [2007/05/30 06:12:14 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.MessageAdapter1.dll
MOD - [2007/05/30 06:12:14 | 000,053,248 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.MessageAdapter2.dll
MOD - [2007/05/30 06:12:14 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.SplashScreen.dll
MOD - [2007/05/30 06:12:12 | 000,090,112 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.GuiEngine1.dll
MOD - [2007/05/30 06:12:12 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.GuiEngine2.dll
MOD - [2007/05/30 06:12:10 | 000,700,416 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.FunctionDef2.dll
MOD - [2007/05/30 06:12:08 | 000,585,728 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.FunctionDef1.dll
MOD - [2007/05/30 06:12:06 | 000,204,800 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.Core.dll
MOD - [2007/05/30 06:12:06 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.FuncDefBase.dll
MOD - [2007/05/30 06:12:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Framework.PersistentDataStore.dll
MOD - [2007/05/30 06:12:00 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Framework.Public.dll
MOD - [2007/05/30 06:12:00 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Framework.Messaging.dll
MOD - [2007/05/30 06:12:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.Controller.dll
MOD - [2007/05/30 06:11:58 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Framework.Core.dll
MOD - [2007/05/30 06:11:58 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Framework.Discovery.dll
MOD - [2007/05/30 06:11:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Framework.IPC.Listener.dll
MOD - [2007/05/30 06:11:58 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Framework.Logging.dll
MOD - [2007/05/30 06:11:26 | 000,053,248 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Drones.DownloadAppList.dll
MOD - [2007/05/30 06:11:26 | 000,046,080 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Drones.DownloadAppListMarshalling.dll
MOD - [2007/05/30 06:11:24 | 000,331,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Drones.Common.dll
MOD - [2007/05/30 06:11:22 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/05/30 06:11:22 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Domain.DomainLayer.dll
MOD - [2007/05/30 06:11:20 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.ApplicationLayer.dll
MOD - [2007/05/21 14:56:00 | 000,053,248 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.IPCListeners.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/04/30 09:19:46 | 000,016,384 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.IPCCommObject.dll
MOD - [2007/04/09 14:22:18 | 000,024,576 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Gui.GuiEngine3.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/23 20:40:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddcaps.dll
MOD - [2007/01/09 18:13:08 | 000,692,224 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddrs.dll
MOD - [2007/01/09 18:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/10/06 18:08:04 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddcnv4.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/02 21:17:47 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/10/04 16:43:35 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/05/23 17:28:00 | 003,518,368 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/13 20:36:10 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/09 21:16:44 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - [2011/09/13 16:22:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{292CC1E9-8FD3-4BE3-A8BC-7D36C9562AA6}\MpKslc3321e3b.sys -- (MpKslc3321e3b)
DRV - [2011/09/13 05:16:21 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110913.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/13 05:16:21 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110913.017\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/09 13:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110913.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/28 11:54:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 11:54:30 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/20 07:16:35 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/22 22:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 14:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo...s=1&affID=17396

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {ff19b72a-36ed-4066-8865-a580ae938cce} - Reg Error: No CLSID value found. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\User\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\User\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Zango\bin\10.3.85.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/09/10 02:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/09/10 02:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_1_3 [2011/09/13 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\User\Program Files\DNA [2011/09/13 16:37:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User\AppData\Roaming\Move Networks [2011/06/12 15:52:38 | 000,000,000 | ---D | M]

[2011/08/31 19:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2009/10/06 13:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/03/09 19:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions
[2009/03/09 19:17:36 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/03/18 11:17:49 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/09/22 04:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicus.xml

O1 HOSTS File: ([2011/02/02 17:30:23 | 000,000,055 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe (Support.com)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [GateWay] C:\Program Files\Gravity\Gateway\GateWayMain.exe File not found
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Comcast Install 1.0; PBSTB 1.2; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 3.5.30729; .NET4.0C; .NET CLR 3.0.30729; .NET CLR 1.1.4322)" -"http://woz.commtechl...trail/play.htm" File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: freetoolsassociation.com ([activegs] http in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Artist%20Colony/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://fate.netgame....ch_USAv1004.cab (MGLaunch_v1004 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82D34D09-65C4-47C2-A854-42B68F27C6F1}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA7F7F0-E8C6-447A-9D3B-B4803134AA02}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll) -C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (y Packages settings...) - File not found
O30 - LSA: Security Packages - (roc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/22 16:25:46 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{32c64207-34d7-11de-aac7-001b24e691fd}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{32c64207-34d7-11de-aac7-001b24e691fd}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{61525ed5-510a-11de-bedf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{61525ed5-510a-11de-bedf-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6ed6874b-5e6d-11de-9084-001a73db613c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ed6874b-5e6d-11de-9084-001a73db613c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ab98fbd7-a82a-11dd-8d6c-001b24e691fd}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{ab98fbd7-a82a-11dd-8d6c-001b24e691fd}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL config.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 21:12:33 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/09/10 15:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/10 10:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swords and Sandals 2
[2011/09/10 10:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\SwordsSandals2
[2011/09/10 10:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/09 23:17:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\IObit
[2011/09/09 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/09/09 23:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/09/07 17:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/02 17:07:49 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\gegl-0.0
[2011/09/02 17:07:49 | 000,000,000 | ---D | C] -- C:\Users\User\.gimp-2.6
[2011/08/31 18:42:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2011/08/27 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Vindictus
[2011/08/27 17:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011/08/27 17:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2011/08/21 21:35:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2011/08/21 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Audible
[2011/08/21 21:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2008/02/27 07:54:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2008/02/27 07:54:26 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2008/02/27 07:54:25 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2008/02/27 07:54:25 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2008/02/27 07:54:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2008/02/27 07:54:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2008/02/27 07:54:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2008/02/27 07:54:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2008/02/27 07:54:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2008/02/27 07:54:23 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2008/02/27 07:54:23 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2008/02/27 07:54:22 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2008/02/27 07:54:22 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2008/02/27 07:54:21 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2008/02/27 07:54:21 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[76 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[76 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/13 21:12:40 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/09/13 21:02:03 | 000,653,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/13 21:02:03 | 000,124,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/13 20:22:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 20:22:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 20:15:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{298061FC-9921-419D-8700-52655D516568}.job
[2011/09/13 19:21:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1622567238-1905692925-563698752-1000UA.job
[2011/09/13 16:38:30 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/09/13 16:37:16 | 000,126,344 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/13 16:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/13 16:21:49 | 2079,191,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 04:08:40 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for User.job
[2011/09/12 16:21:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1622567238-1905692925-563698752-1000Core.job
[2011/09/12 07:59:31 | 000,126,344 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/10 15:45:00 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/10 10:58:02 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Swords and Sandals 2.lnk
[2011/09/10 10:35:53 | 000,059,392 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/09 23:17:23 | 000,000,947 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/09/09 23:17:22 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2011/09/09 21:19:13 | 000,007,620 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/09/08 21:18:21 | 000,238,818 | ---- | M] () -- C:\Users\User\Desktop\CoreFoundation.dll.zip
[2011/09/02 17:42:01 | 000,000,836 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2011/09/02 06:41:34 | 280,645,124 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/30 23:37:02 | 461,373,440 | ---- | M] () -- C:\Users\User\Documents\Phantasy Star Portable 2 [USA].part1.rar
[2011/08/23 17:33:35 | 001,029,502 | ---- | M] () -- C:\Users\User\Desktop\Copy of 8-23-2011 5;33;35 PM.jpg
[2011/08/23 17:33:35 | 001,029,502 | ---- | M] () -- C:\Users\User\Desktop\8-23-2011 5;33;35 PM.jpg
[2011/08/21 21:35:33 | 000,001,868 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/08/19 16:33:20 | 000,025,944 | ---- | M] () -- C:\Windows\System32\SmartDefragBootTime.exe
[76 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[76 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/10 15:45:00 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/10 15:43:43 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/10 10:58:02 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Swords and Sandals 2.lnk
[2011/09/09 23:17:26 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/09/09 23:17:26 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/09/09 23:17:22 | 000,000,947 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/09/09 23:17:22 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2011/09/08 21:18:19 | 000,238,818 | ---- | C] () -- C:\Users\User\Desktop\CoreFoundation.dll.zip
[2011/09/02 17:42:01 | 000,000,836 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2011/08/30 23:36:41 | 461,373,440 | ---- | C] () -- C:\Users\User\Documents\Phantasy Star Portable 2 [USA].part1.rar
[2011/08/23 17:43:24 | 001,029,502 | ---- | C] () -- C:\Users\User\Desktop\Copy of 8-23-2011 5;33;35 PM.jpg
[2011/08/23 17:33:59 | 001,029,502 | ---- | C] () -- C:\Users\User\Desktop\8-23-2011 5;33;35 PM.jpg
[2011/08/21 21:35:32 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/05/18 17:13:33 | 000,001,940 | ---- | C] () -- C:\Users\User\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/10 17:56:21 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/11/10 17:56:16 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/10/30 19:08:09 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/08/21 13:30:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/21 13:30:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/20 07:27:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010/08/14 19:15:50 | 001,511,424 | ---- | C] () -- C:\Windows\System32\sn3win.dll
[2010/04/15 18:24:03 | 000,000,120 | ---- | C] () -- C:\Users\User\AppData\Local\Ihurugab.dat
[2010/04/15 18:24:03 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\Kpikorunifusizeb.bin
[2010/03/22 21:49:55 | 000,126,344 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/22 21:49:53 | 000,126,344 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/22 21:22:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/06 01:37:34 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/02/15 22:00:12 | 000,007,620 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/12/25 18:15:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/12/14 22:52:24 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/01 12:17:56 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/12 21:13:01 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/20 15:53:56 | 000,000,674 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2009/06/11 19:50:40 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2009/05/16 16:52:30 | 000,000,016 | ---- | C] () -- C:\Windows\ka.ini
[2009/03/09 20:17:27 | 000,000,557 | ---- | C] () -- C:\Windows\eReg.dat
[2009/02/23 17:17:26 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat
[2009/02/16 17:23:39 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Clifford Uninstall.exe
[2008/09/12 07:07:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008/09/12 06:57:26 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe
[2008/09/02 16:47:16 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
[2008/07/14 16:34:04 | 000,000,294 | ---- | C] () -- C:\Windows\EReg077.dat
[2008/07/14 16:32:18 | 000,000,057 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2008/05/06 20:38:26 | 000,003,557 | ---- | C] () -- C:\ProgramData\lxdd
[2008/04/19 11:14:52 | 000,026,340 | ---- | C] () -- C:\Users\User\AppData\Roaming\UserTile.png
[2008/03/12 13:39:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/01 21:04:50 | 000,059,392 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/27 07:56:02 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2008/02/27 07:54:26 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2008/02/27 07:54:23 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2008/01/04 21:58:42 | 000,027,240 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2008/01/04 21:31:27 | 000,027,240 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2007/12/05 14:07:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/05 14:03:47 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/10/22 16:40:38 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/03/28 15:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/01/23 14:40:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 12:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,469,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,653,914 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,124,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/06 13:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/18 03:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/07/21 19:10:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Alawar
[2010/12/07 18:22:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AlawarSouthpoint
[2008/04/17 18:09:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2010/10/25 23:10:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
[2009/12/30 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BeachPartyCraze
[2010/09/07 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Big Fish Games
[2010/12/30 15:37:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\blg
[2010/12/14 18:07:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BugTrap Console Test108
[2009/12/15 12:45:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CallingID
[2011/02/25 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CasualForge
[2009/07/13 22:04:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/08 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Datel
[2009/12/03 17:51:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAZ 3D
[2011/02/24 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DiskAid
[2011/09/13 21:28:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DNA
[2011/02/20 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EleFun Games
[2010/07/13 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fabulous Finds
[2010/12/20 15:01:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\fizzy
[2010/07/21 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gamelab
[2010/09/07 19:05:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gamers Digital
[2010/07/10 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GamesCafe
[2011/01/01 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2009/12/24 18:48:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GOL_byHasbro
[2010/07/13 14:05:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Happyville__
[2010/07/14 12:41:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Home Sweet Home
[2010/09/29 20:16:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Home Sweet Home 2
[2010/07/21 18:40:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Home Sweet Home Christmas
[2010/07/18 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IBAGroup
[2009/03/16 18:30:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ideas From the Deep
[2008/09/12 06:57:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InterVideo
[2011/09/09 23:17:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2011/07/19 16:09:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Islands
[2011/07/20 18:04:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Islands2
[2010/07/10 16:30:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iWin
[2010/01/04 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iWin_JanesRealty
[2009/12/30 14:09:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Jane s Hotel Family Hero
[2008/02/27 08:08:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
[2010/09/30 18:23:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LimeWire
[2009/03/02 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Magic Academy
[2010/07/16 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Merscom
[2010/12/23 13:54:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Morpheus Software
[2010/11/16 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MusE
[2009/10/12 23:35:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\muvee Technologies
[2009/12/28 14:22:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
[2011/07/21 15:31:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NeopleLauncherDFO
[2008/06/22 08:12:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Netscape
[2008/06/21 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nexon
[2008/04/19 11:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PeerNetworking
[2010/11/15 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PetShowCraze
[2011/01/04 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst
[2011/05/16 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2011/01/04 10:05:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2010/12/01 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Secret of the Solstice
[2011/01/19 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Smilebox
[2009/03/09 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SpinTop
[2009/06/20 15:54:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2009/12/26 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Total Eclipse
[2011/03/18 20:40:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ViquaSoft
[2011/07/21 17:27:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Virtual City
[2008/07/21 21:26:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WildTangent
[2011/04/23 19:00:19 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/09/13 13:55:29 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/13 20:15:36 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{298061FC-9921-419D-8700-52655D516568}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:182E7BAA
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:98F800E5
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:C8FE540E
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:5A14966B
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:517FAB99
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:E9EFBEF6
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:78D09D71
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E0C2ABF7
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DF2C953B
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CB6B9259
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:61A065F2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1B8B59DB
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AF2F4B57
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E85475C7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:BA37E1F6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6E7A5A95
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:42478B0E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:1E6212E6
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6A37FCC3
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:61EAC7DA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:2AF40C07
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:178093AE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:03460648
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:000A1C66
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E5121D26
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C76BA037
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9A1A77DD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9CAEE170
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:67518200
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CA8D6B60
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A95624CB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:744022A1
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:362B7440
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2EB79F01
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:00DA4A46
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:94124B85
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:252B7D28
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E21D3CA0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:77183025
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EAA88D28
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:64EC809E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:50E7393E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2CC3B9D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8CD95DE0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D29B16C5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:983B4DC0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6B86037F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3C6E4889
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C3A9C939
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7DF1EF45
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:3FB71C37
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FB601DB3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:931BB48A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6A9CF5CA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F8C595D1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E7730732
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A59DD4AD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:980E793B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6ECD2470
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:29058F8B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:27F44544
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:0A423B55
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EBFD4E6F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D53D29CC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DA23AD9A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8396196A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:36CB2BB0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2C399CCA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:AB15E5CC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9D6EAEC3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4290D685
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A20F1AF8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8A26C97F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4B4E93EE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DD9FFC08
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D8134D8F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D19F6C18
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CAE777AD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9BAFBDA0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D6D87980
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:887EAE14
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:878F15F1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B1E64E47
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6EB5B3D3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:471AD3D0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4709F39D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2B4FA895
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A61A6FCC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:969736FD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8BCF4DE2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:49CABE45
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:824FDFA6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7AF9CAEB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:77F75B20
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D2C51E3D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B3942462
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:76C56CCB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3C9B05C4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0D0FBDB4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ED9B661E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6CC3E51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2838A8E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AA2A4FE5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:81BA5807
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:30ECA2C2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:14DFF9B1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB283BE7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7169BE62
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D5C6F9C4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B8AF0F0F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A0A9201B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7FD199E4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2F8DACDA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2107C29C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:18BFD8F8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0DFE2AE1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0616FC84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DAA4EE93
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7D371AB2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:52F1AC85
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D68CEF0B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F8DCF908
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9256664B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5711EF65
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9726EA15
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:39BCA499
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0860D6D6
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A7601C61
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:6B803FAA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:B07EB05A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5E7801FF
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FC60E0F8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A5B27FF0
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FE3BBC0F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:74D9C82E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DE1CB753
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FC2F0C2F
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CE63AEF4
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:79DB7B30

< End of report >

Edited by confusled, 13 September 2011 - 07:50 PM.

#3
maliprog

Posted 27 September 2011 - 12:01 AM

Trusted Helper

Malware Removal
6,172 posts

Hello confusled and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
Absence of symptoms does not always mean the computer is clean
Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
Please DO NOT run any scans or fix on your own without my direction.
Please read all of my response through at least once before attempting to follow the procedures described.
If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
You must reply within 3 days or your topic will be closed

Sorry for delay... Let's get started!

Step 1

Please close all running programs and Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - [2010/10/04 16:43:35 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {ff19b72a-36ed-4066-8865-a580ae938cce} - Reg Error: No CLSID value found. File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/09/10 02:38:41 | 000,000,000 | ---D | M]
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll) -C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (y Packages settings...) - File not found
O30 - LSA: Security Packages - (roc.dll) - File not found
O33 - MountPoints2\{32c64207-34d7-11de-aac7-001b24e691fd}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{32c64207-34d7-11de-aac7-001b24e691fd}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{61525ed5-510a-11de-bedf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{61525ed5-510a-11de-bedf-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6ed6874b-5e6d-11de-9084-001a73db613c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ed6874b-5e6d-11de-9084-001a73db613c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ab98fbd7-a82a-11dd-8d6c-001b24e691fd}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{ab98fbd7-a82a-11dd-8d6c-001b24e691fd}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL config.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2010/04/15 18:24:03 | 000,000,120 | ---- | C] () -- C:\Users\User\AppData\Local\Ihurugab.dat
[2010/04/15 18:24:03 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\Kpikorunifusizeb.bin
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:182E7BAA
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:98F800E5
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:C8FE540E
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:5A14966B
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:517FAB99
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:E9EFBEF6
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:78D09D71
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E0C2ABF7
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DF2C953B
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CB6B9259
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:61A065F2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1B8B59DB
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AF2F4B57
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E85475C7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:BA37E1F6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6E7A5A95
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:42478B0E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:1E6212E6
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6A37FCC3
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:61EAC7DA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:2AF40C07
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:178093AE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:03460648
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:000A1C66
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E5121D26
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C76BA037
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9A1A77DD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9CAEE170
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:67518200
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CA8D6B60
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A95624CB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:744022A1
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:362B7440
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2EB79F01
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:00DA4A46
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:94124B85
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:252B7D28
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E21D3CA0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:77183025
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EAA88D28
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:64EC809E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:50E7393E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2CC3B9D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8CD95DE0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D29B16C5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:983B4DC0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6B86037F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3C6E4889
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C3A9C939
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7DF1EF45
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:3FB71C37
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FB601DB3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:931BB48A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6A9CF5CA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F8C595D1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E7730732
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A59DD4AD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:980E793B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6ECD2470
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:29058F8B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:27F44544
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:0A423B55
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EBFD4E6F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D53D29CC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DA23AD9A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8396196A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:36CB2BB0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2C399CCA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:AB15E5CC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9D6EAEC3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4290D685
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A20F1AF8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8A26C97F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4B4E93EE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DD9FFC08
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D8134D8F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D19F6C18
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CAE777AD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9BAFBDA0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D6D87980
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:887EAE14
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:878F15F1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B1E64E47
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6EB5B3D3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:471AD3D0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4709F39D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2B4FA895
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A61A6FCC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:969736FD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8BCF4DE2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:49CABE45
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:824FDFA6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7AF9CAEB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:77F75B20
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D2C51E3D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B3942462
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:76C56CCB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3C9B05C4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0D0FBDB4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ED9B661E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6CC3E51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2838A8E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AA2A4FE5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:81BA5807
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:30ECA2C2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:14DFF9B1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB283BE7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7169BE62
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D5C6F9C4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B8AF0F0F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A0A9201B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7FD199E4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2F8DACDA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2107C29C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:18BFD8F8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0DFE2AE1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0616FC84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DAA4EE93
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7D371AB2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:52F1AC85
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D68CEF0B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F8DCF908
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9256664B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5711EF65
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9726EA15
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:39BCA499
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0860D6D6
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A7601C61
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:6B803FAA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:B07EB05A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5E7801FF
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FC60E0F8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A5B27FF0
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FE3BBC0F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:74D9C82E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DE1CB753
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FC2F0C2F
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CE63AEF4
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:79DB7B30

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

OTL fix log
Combofix log

It would be helpful if you could post each log in separate post

#4
maliprog

Posted 04 October 2011 - 04:02 AM

Trusted Helper

Malware Removal
6,172 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.