Adware undetectable thus far



#1
ropeadopa

Everyone in my Yahoo friends list is getting massive amounts of spam mail from me that I never sent. I've run a full scan with Malwarebytes and it found a trojan on my external drive. I also scanned with AVG and SUPERAntiSpyware and got nothing.

Nothing is working thus far. Friends very annoyed getting random spam mails.

Any help would be much appreciated.






OTL logfile created on: 10/7/2011 9:51:02 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\rope\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 31.79% Memory free
8.00 Gb Paging File | 4.20 Gb Available in Paging File | 52.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.69 Gb Total Space | 39.76 Gb Free Space | 17.09% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 76.35 Gb Free Space | 16.39% Space Free | Partition Type: NTFS

Computer Name: DI | User Name: rope | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 21:50:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\rope\Downloads\OTL.exe
PRC - [2011/10/07 17:20:50 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/06 23:43:46 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/29 22:13:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 06:31:50 | 004,183,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgui.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/16 12:10:20 | 013,867,016 | ---- | M] (Cake Gaming N.V.) -- C:\Program Files (x86)\Cake Poker 2.0\PokerClient.exe
PRC - [2011/09/16 12:10:20 | 000,644,056 | ---- | M] (Cake Gaming N.V.) -- C:\Program Files (x86)\Cake Poker 2.0\CakeNotifier.exe
PRC - [2011/09/13 20:20:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/17 11:52:04 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/01 21:26:53 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/11/05 15:58:48 | 006,488,064 | ---- | M] (Ronald E. Mercer) -- C:\Program Files (x86)\Qtracker\qtracker.exe
PRC - [2010/10/19 08:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/01/12 11:11:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/07 21:47:51 | 000,052,736 | ---- | M] () -- C:\Users\rope\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/07 21:47:36 | 000,063,488 | ---- | M] () -- C:\Users\rope\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/07 21:47:34 | 000,117,760 | ---- | M] () -- C:\Users\rope\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/29 22:13:58 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 22:24:13 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/09/27 22:24:11 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/09/27 22:24:09 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/09/27 22:24:07 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/09/27 22:24:05 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/09/27 13:24:04 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/18 22:36:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/09/18 22:36:37 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
MOD - [2011/09/18 22:36:36 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/09/18 22:36:26 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/09/18 22:36:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/09/18 22:36:10 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
MOD - [2011/09/18 22:36:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/09/18 22:35:34 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\5ab23d203c8bfade7160ea915719c730\System.IdentityModel.ni.dll
MOD - [2011/09/18 22:35:33 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e285e2af5e0e8ac7d91936b2cb18542f\System.Runtime.Serialization.ni.dll
MOD - [2011/09/18 22:35:31 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\052fc9c848a7f4630980ae0fd7a282e0\System.ServiceModel.ni.dll
MOD - [2011/09/18 22:35:31 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b907dd027bbe99c5035b1d6355f83998\SMDiagnostics.ni.dll
MOD - [2011/09/18 22:35:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/09/18 22:35:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/18 22:35:01 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/09/18 22:34:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/18 22:34:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/18 22:34:46 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/18 22:34:42 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011/09/18 22:34:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 07:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 07:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 07:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 07:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 07:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/11/04 21:53:23 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/07/27 00:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/01/11 20:09:34 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/01/02 23:52:20 | 000,052,224 | ---- | M] () -- C:\Users\rope\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/31 15:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2011/10/07 17:20:50 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/27 22:24:15 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/13 20:20:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/17 11:52:04 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/19 08:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 11:11:24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/05/25 02:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/14 18:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 13:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006/09/30 06:36:14 | 000,013,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pstrip64.sys -- (PStrip64)
DRV - [2010/06/13 23:45:02 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/26 20:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2010/05/08 18:20:14 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/08 18:20:14 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/01 22:00:31 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 F7 29 F4 5D 79 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.socks_version: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rope\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rope\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/09/09 09:32:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/07 17:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/29 22:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/16 18:20:35 | 000,000,000 | ---D | M]

[2009/12/19 23:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rope\AppData\Roaming\Mozilla\Extensions
[2011/09/29 19:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\extensions
[2011/09/27 19:19:23 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/09/27 19:19:24 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/01/02 22:56:37 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/09/29 19:19:20 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2011/03/28 01:21:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\extensions\[email protected]
[2010/01/02 22:56:36 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\extensions\[email protected]
[2011/10/07 17:20:49 | 000,003,674 | ---- | M] () -- C:\Users\rope\AppData\Roaming\Mozilla\Firefox\Profiles\7t4y3efw.default\searchplugins\avg-secure-search.xml
[2011/09/27 19:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/27 14:05:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 19:20:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/29 14:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 13:09:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/30 16:19:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/27 19:16:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/09 09:32:46 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.008.031.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2011/10/07 17:20:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\ROPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7T4Y3EFW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/29 22:13:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/27 19:16:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/29 00:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/05/05 16:39:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rope\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\rope\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rope\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\rope\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\rope\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: AVG Safe Search = C:\Users\rope\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Poppit = C:\Users\rope\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\rope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F729D3B-4134-40F5-9F81-C886653C18BB}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0F3A5E-25C0-4D3C-B321-9C692520F9BB}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4071A55-ACBE-4711-A9DC-DDA36C5D109A}: DhcpNameServer = 167.206.251.130 167.206.251.129
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 18:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/10/07 17:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/07 17:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/10/07 17:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/10/07 17:20:18 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Roaming\AVG2012
[2011/10/07 17:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/07 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{F950EC4F-6EA8-4462-8A26-45FA7D643F40}
[2011/10/07 13:47:41 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{13A8EA1B-3DCC-43F3-ACF1-F9C0103850C8}
[2011/10/06 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{8C3C9C78-D4C2-41A3-8006-6EF666E568E6}
[2011/10/06 18:11:35 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{D2A93A9F-AE68-4802-B251-896DD09EE020}
[2011/10/06 16:12:44 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juicy Stakes 2.0
[2011/10/06 16:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juicy Stakes 2.0
[2011/10/06 06:11:08 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{48EF47F9-3CEB-4535-A903-EFA206F7699C}
[2011/10/06 06:10:57 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{D9290853-BBD9-47F4-B588-7DCF3B36EDC6}
[2011/10/05 18:10:31 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{21D7D6F4-021D-4FA7-B6C6-FC8CD68CAE9F}
[2011/10/05 18:10:17 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{E8A98FE4-6BF5-444D-BD98-BDA8020E1C0B}
[2011/10/05 06:09:50 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{C486870D-8BF8-415E-B20C-5764598E9CA3}
[2011/10/05 06:09:39 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5899B836-DCC9-4880-97A9-1D8DC30C1C8B}
[2011/10/04 22:17:59 | 003,496,848 | ---- | C] (Piriform Ltd) -- C:\Users\rope\Desktop\ccsetup311(1).exe
[2011/10/04 21:09:55 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\CPN
[2011/10/04 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0
[2011/10/04 21:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cake Poker 2.0
[2011/10/04 13:33:00 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{74DF1340-4AA5-4683-BA76-91EE8D55B65F}
[2011/10/04 13:32:48 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{641D1C34-C8A3-4313-9157-D459E1AB54AD}
[2011/10/04 00:03:56 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{46746668-1290-416A-9389-B728DA2CA583}
[2011/10/03 12:03:29 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{8DBC40A6-2EE7-440B-9F4B-AC7267D86A77}
[2011/10/03 12:03:18 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4DBA9C8D-F546-4FB0-9042-CFAB1EA7BFB1}
[2011/10/02 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{70082853-3B01-4C8B-BCE4-5D2F7BB6610F}
[2011/10/02 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{BCB508DD-51FA-4C0F-8BFC-2B6520A2C339}
[2011/10/02 09:07:15 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1C4271F2-40D0-475F-A534-F8AF9D579405}
[2011/10/02 09:07:03 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4E96BBE5-1754-4C5C-B068-3C9835A86D7F}
[2011/10/01 18:10:30 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1C946B9E-DEDD-4443-9F13-86CDE962DF5A}
[2011/10/01 18:10:17 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4C1D046A-C207-4F76-BBC3-D24D6E2C17C2}
[2011/10/01 06:09:49 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5BE9E02A-0306-4104-86E3-AF13AA51DDCB}
[2011/10/01 06:09:37 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{F9EABBDE-473A-4811-9252-75E73DF30185}
[2011/09/30 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{9A122F1B-2639-4E8D-80B9-C6A5C06AFAEE}
[2011/09/30 17:53:10 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{97E2D01E-4AD1-4D8E-A7C4-A5703944A5C6}
[2011/09/30 05:52:43 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{20EA1B20-6596-4917-BA7C-50494A253C11}
[2011/09/30 05:52:32 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{63B5916F-969B-42FE-8C3D-B6398DD7EA41}
[2011/09/29 17:52:05 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{41F2AD4E-CD46-4E68-BED9-C31BAC475EE0}
[2011/09/29 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{39375C75-AC26-40FA-B1A7-50BE2D6774DA}
[2011/09/29 05:51:25 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{0E5882A2-C5C4-48B1-8160-645323552BAA}
[2011/09/29 05:51:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{E87DE4B2-FAA3-4EE9-8318-DF9D560D81B0}
[2011/09/28 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{FB416571-1DBA-44D7-88DA-D4713AB8F7BD}
[2011/09/28 14:59:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{984CF31F-5FB8-4A35-9E07-A44F51A375C0}
[2011/09/28 01:24:45 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{8F00B4D3-F1E1-493E-AF08-D62BC1F39741}
[2011/09/27 19:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/27 19:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/09/27 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\GameSpy
[2011/09/27 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{191B7A87-4905-49B4-B790-485CC2583C1A}
[2011/09/27 13:24:09 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{B8FE4BAC-6D9F-4936-A34D-5223E30387BE}
[2011/09/27 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\ApplicationHistory
[2011/09/26 15:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2011/09/26 15:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2011/09/26 15:40:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011/09/26 13:52:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{0F6119A9-ED74-43E3-85EC-164F6C1D99F9}
[2011/09/26 01:52:22 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{7EAC32E8-DBDB-45CA-9BEF-1E99559102E8}
[2011/09/25 13:51:57 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{07DC4E46-3D29-4629-AFAD-AD4E7664AE91}
[2011/09/25 13:51:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{2A65FAB5-B123-47DD-B017-115815FA2C0E}
[2011/09/24 15:10:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{C7CDEC5A-E9B3-4B5B-94FC-676613DBDEC4}
[2011/09/24 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{A48E2230-523E-430B-8C5C-F4624ADA9E08}
[2011/09/23 19:06:51 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{9107BF95-667E-4974-9AA2-FEB28F8DD45B}
[2011/09/23 19:06:40 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{C20CFB70-3652-463A-B622-5CE0407CB8CE}
[2011/09/22 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{F9A64CFE-BDF1-4A78-95EB-B5E64FF61D7F}
[2011/09/22 12:01:48 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1E644EB7-0343-4F0D-B3A5-04C085C84486}
[2011/09/21 23:48:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{CECAF0E4-DC8B-4A8A-A4F7-92E56AB13A91}
[2011/09/21 23:48:33 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5D6E879B-73FF-4CB5-A1AD-B72067802B18}
[2011/09/21 16:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetOnline Poker
[2011/09/21 16:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BetOnline Poker
[2011/09/21 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{030FAEDD-1F34-41AE-813D-4C6B51C29FE8}
[2011/09/21 11:48:09 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{2DEBF861-B57C-47CB-9677-5048D1B1AD0B}
[2011/09/20 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5529C8C8-31D7-4509-9D80-0F6B4DE446A9}
[2011/09/20 12:50:32 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{56E370E4-1695-4971-9733-1110EBED28F5}
[2011/09/19 13:46:24 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{0910FCAE-9580-4F11-950A-1476D92C6377}
[2011/09/19 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1404A772-71BA-4B6E-A5C3-D335C69F473E}
[2011/09/18 21:04:18 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{715CB733-4C4F-4D76-BA3B-1D6F4ACCEDED}
[2011/09/18 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{A63B2EE4-0D77-418C-816C-DC2457395F1A}
[2011/09/18 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{7E159BE0-99AA-4C11-A48F-C096311CA715}
[2011/09/18 09:03:28 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{B44BFBEE-A08C-456E-ADEF-A637A2967673}
[2011/09/17 16:34:18 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1283A95B-28A8-4572-85EC-2BD4E288BF64}
[2011/09/17 16:34:07 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{EDF51FDC-4747-4ECA-84E1-52D22B76EEE4}
[2011/09/17 08:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/09/16 22:17:10 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{6F72A553-1A33-4489-AD3D-B8789F2DAA17}
[2011/09/16 22:16:58 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1043856B-14D0-46D0-800F-8EB0381E5213}
[2011/09/16 09:01:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{69028E3E-E16B-4ACD-BB23-02285FEFFBA9}
[2011/09/16 09:01:03 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5329CC01-111C-4850-AD84-CB9A68F935E4}
[2011/09/15 21:40:53 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\dxhr
[2011/09/15 21:39:59 | 000,000,000 | ---D | C] -- C:\Users\rope\Documents\ALI213
[2011/09/15 21:39:59 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\28050
[2011/09/15 20:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2011/09/15 20:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Enix
[2011/09/15 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{ABA88B1B-82BE-42DB-AA0F-B28309F96CEC}
[2011/09/15 13:33:02 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{B3AEBB9D-CCA8-4301-85BA-C1BC7FECFF55}
[2011/09/14 13:48:52 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{BFAB63F3-BDD5-42E6-9AE7-DA779F2C0C15}
[2011/09/14 13:48:40 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{29BC9B0F-927F-4B4B-99D3-29C3854B1817}
[2011/09/13 23:47:01 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4D8E18C1-10B2-46F3-9FE4-4CB5709D70C8}
[2011/09/13 23:46:50 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5EC60E4A-6BCD-475C-926A-3E1AB1256360}
[2011/09/13 19:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/10 02:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 21:46:31 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/07 21:36:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 21:14:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144879191-867435321-3832854781-1001UA.job
[2011/10/07 20:36:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 18:34:12 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/10/07 17:23:34 | 069,229,383 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/07 17:20:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/07 15:13:02 | 021,073,936 | ---- | M] () -- C:\Users\rope\Desktop\vlc-1.1.11-win32.exe
[2011/10/07 14:40:24 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/07 13:54:19 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 13:54:19 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 13:51:00 | 000,739,620 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/07 13:51:00 | 000,632,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/07 13:51:00 | 000,110,518 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/07 13:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 13:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/10/07 13:46:00 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/06 22:14:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144879191-867435321-3832854781-1001Core.job
[2011/10/06 16:12:44 | 000,001,099 | ---- | M] () -- C:\Users\rope\Application Data\Microsoft\Internet Explorer\Quick Launch\Juicy Stakes 2.0.lnk
[2011/10/06 16:12:44 | 000,001,075 | ---- | M] () -- C:\Users\rope\Desktop\Juicy Stakes 2.0.lnk
[2011/10/06 15:57:53 | 001,532,990 | ---- | M] () -- C:\Users\rope\Desktop\1317921566483.gif
[2011/10/06 14:16:26 | 000,002,386 | ---- | M] () -- C:\Users\rope\Desktop\Google Chrome.lnk
[2011/10/04 22:18:17 | 003,496,848 | ---- | M] (Piriform Ltd) -- C:\Users\rope\Desktop\ccsetup311(1).exe
[2011/10/04 21:09:53 | 000,001,080 | ---- | M] () -- C:\Users\rope\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2011/10/04 21:09:53 | 000,001,056 | ---- | M] () -- C:\Users\rope\Desktop\Cake Poker 2.0.lnk
[2011/09/29 22:14:04 | 000,002,052 | ---- | M] () -- C:\Users\rope\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/27 13:24:13 | 000,000,092 | ---- | M] () -- C:\Users\rope\AppData\Local\fusioncache.dat
[2011/09/27 13:22:33 | 000,349,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/26 16:44:02 | 000,001,917 | ---- | M] () -- C:\Users\rope\Desktop\Crysis - Shortcut.lnk
[2011/09/26 15:41:46 | 000,001,995 | ---- | M] () -- C:\Users\rope\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Comrade.lnk
[2011/09/26 15:41:46 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\GameSpy Comrade.lnk
[2011/09/26 15:41:19 | 000,755,554 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/26 15:29:44 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/09/26 15:29:18 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2011/09/25 18:13:15 | 000,275,832 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/21 16:47:15 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\BetOnline Poker.lnk
[2011/09/17 23:24:52 | 001,758,171 | ---- | M] () -- C:\Users\rope\Desktop\1316315708500.gif
[2011/09/15 20:57:44 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
[2011/09/15 20:37:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/15 00:08:55 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/13 23:45:29 | 000,000,955 | ---- | M] () -- C:\Users\rope\Documents\My Sharing Folders.lnk
[2011/09/13 20:20:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/13 19:40:07 | 000,001,294 | ---- | M] () -- C:\Users\rope\Desktop\iw3sp - Shortcut.lnk
[2011/09/13 19:17:35 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2011/09/13 19:17:35 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2011/09/13 19:16:57 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2011/09/13 19:05:05 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/09/13 13:29:33 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 18:34:12 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/10/07 17:20:52 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/07 15:12:33 | 021,073,936 | ---- | C] () -- C:\Users\rope\Desktop\vlc-1.1.11-win32.exe
[2011/10/06 16:12:44 | 000,001,099 | ---- | C] () -- C:\Users\rope\Application Data\Microsoft\Internet Explorer\Quick Launch\Juicy Stakes 2.0.lnk
[2011/10/06 16:12:44 | 000,001,075 | ---- | C] () -- C:\Users\rope\Desktop\Juicy Stakes 2.0.lnk
[2011/10/06 15:57:48 | 001,532,990 | ---- | C] () -- C:\Users\rope\Desktop\1317921566483.gif
[2011/10/04 21:09:53 | 000,001,080 | ---- | C] () -- C:\Users\rope\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2011/10/04 21:09:53 | 000,001,056 | ---- | C] () -- C:\Users\rope\Desktop\Cake Poker 2.0.lnk
[2011/09/27 13:24:13 | 000,000,092 | ---- | C] () -- C:\Users\rope\AppData\Local\fusioncache.dat
[2011/09/26 16:35:23 | 000,001,917 | ---- | C] () -- C:\Users\rope\Desktop\Crysis - Shortcut.lnk
[2011/09/26 15:41:46 | 000,001,995 | ---- | C] () -- C:\Users\rope\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Comrade.lnk
[2011/09/26 15:41:46 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\GameSpy Comrade.lnk
[2011/09/26 15:41:18 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/26 15:29:18 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2011/09/21 16:47:15 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\BetOnline Poker.lnk
[2011/09/17 23:24:50 | 001,758,171 | ---- | C] () -- C:\Users\rope\Desktop\1316315708500.gif
[2011/09/15 20:57:44 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
[2011/09/15 00:08:55 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/13 23:45:29 | 000,000,955 | ---- | C] () -- C:\Users\rope\Documents\My Sharing Folders.lnk
[2011/09/13 23:45:16 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/09/13 19:40:07 | 000,001,294 | ---- | C] () -- C:\Users\rope\Desktop\iw3sp - Shortcut.lnk
[2011/09/13 19:17:35 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2011/09/13 19:17:35 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/21 18:57:14 | 000,046,742 | ---- | C] () -- C:\Users\rope\AppData\Roaming\room.dat
[2011/04/30 21:07:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/30 21:07:22 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/27 15:11:21 | 000,006,144 | ---- | C] () -- C:\Users\rope\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/04 16:40:24 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/23 12:52:02 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/01/11 20:10:27 | 000,190,976 | R--- | C] () -- C:\Windows\SysWow64\Wgalogon.dll
[2010/01/01 23:42:58 | 000,009,935 | ---- | C] () -- C:\Users\rope\AppData\Roaming\PStrip.bko
[2010/01/01 23:37:43 | 000,009,971 | ---- | C] () -- C:\Users\rope\AppData\Roaming\PStrip.bk!
[2010/01/01 23:37:42 | 000,009,971 | ---- | C] () -- C:\Users\rope\AppData\Roaming\PStrip.bak
[2010/01/01 22:10:59 | 000,009,971 | ---- | C] () -- C:\Users\rope\AppData\Roaming\PStrip.ini
[2010/01/01 22:09:27 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/26 23:21:04 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/26 23:21:04 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/22 23:44:40 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/12/22 23:44:38 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/12/22 23:44:34 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/12/20 18:45:06 | 000,000,298 | ---- | C] () -- C:\Windows\EReg072.dat
[2009/12/20 17:14:50 | 000,000,849 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/20 12:35:38 | 000,007,607 | ---- | C] () -- C:\Users\rope\AppData\Local\Resmon.ResmonCfg
[2009/12/20 01:15:03 | 000,000,524 | ---- | C] () -- C:\Windows\QIII.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/23 12:00:02 | 000,667,136 | R--- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2008/09/21 00:13:46 | 000,530,976 | ---- | C] () -- C:\Windows\SysWow64\OGAVerify.exe
[2002/10/03 15:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini

========== LOP Check ==========

[2010/09/01 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\.jxed
[2009/12/20 14:46:10 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\Absolute Poker
[2009/12/20 02:30:32 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\acccore
[2010/11/14 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\Activision
[2010/11/24 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\AVG
[2011/10/07 17:20:18 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\AVG2012
[2011/08/29 13:38:52 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\Bioshock2
[2011/02/05 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\FreeArc
[2010/09/05 01:18:20 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\HD Tune Pro
[2010/08/06 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\Leadertech
[2010/12/04 00:08:44 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\TeamViewer
[2010/04/18 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\UB
[2010/01/30 17:44:12 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\UBNet
[2011/09/29 23:23:58 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\uTorrent
[2010/05/01 18:34:01 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\VTExtra
[2009/12/28 19:34:03 | 000,000,000 | ---D | M] -- C:\Users\rope\AppData\Roaming\Wireshark
[2011/09/13 01:43:12 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Juicy Stakes 2.0:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ropeadopa and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

You need to change your mail password. Please find another, clean PC and change the password on your mail account. DON'T USE your infected PC for this!

This should stop spam messages from your account.

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.socks_port: 1080
    FF - prefs.js..network.proxy.socks_version: 4
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
    O33 - MountPoints2\Z\Shell - "" = AutoRun
    O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autorun.exe
    [2011/10/07 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{F950EC4F-6EA8-4462-8A26-45FA7D643F40}
    [2011/10/07 13:47:41 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{13A8EA1B-3DCC-43F3-ACF1-F9C0103850C8}
    [2011/10/06 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{8C3C9C78-D4C2-41A3-8006-6EF666E568E6}
    [2011/10/06 18:11:35 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{D2A93A9F-AE68-4802-B251-896DD09EE020}
    [2011/10/06 06:11:08 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{48EF47F9-3CEB-4535-A903-EFA206F7699C}
    [2011/10/06 06:10:57 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{D9290853-BBD9-47F4-B588-7DCF3B36EDC6}
    [2011/10/05 18:10:31 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{21D7D6F4-021D-4FA7-B6C6-FC8CD68CAE9F}
    [2011/10/05 18:10:17 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{E8A98FE4-6BF5-444D-BD98-BDA8020E1C0B}
    [2011/10/05 06:09:50 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{C486870D-8BF8-415E-B20C-5764598E9CA3}
    [2011/10/05 06:09:39 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5899B836-DCC9-4880-97A9-1D8DC30C1C8B}
    [2011/10/04 13:33:00 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{74DF1340-4AA5-4683-BA76-91EE8D55B65F}
    [2011/10/04 13:32:48 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{641D1C34-C8A3-4313-9157-D459E1AB54AD}
    [2011/10/04 00:03:56 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{46746668-1290-416A-9389-B728DA2CA583}
    [2011/10/03 12:03:29 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{8DBC40A6-2EE7-440B-9F4B-AC7267D86A77}
    [2011/10/03 12:03:18 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4DBA9C8D-F546-4FB0-9042-CFAB1EA7BFB1}
    [2011/10/02 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{70082853-3B01-4C8B-BCE4-5D2F7BB6610F}
    [2011/10/02 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{BCB508DD-51FA-4C0F-8BFC-2B6520A2C339}
    [2011/10/02 09:07:15 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1C4271F2-40D0-475F-A534-F8AF9D579405}
    [2011/10/02 09:07:03 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4E96BBE5-1754-4C5C-B068-3C9835A86D7F}
    [2011/10/01 18:10:30 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1C946B9E-DEDD-4443-9F13-86CDE962DF5A}
    [2011/10/01 18:10:17 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4C1D046A-C207-4F76-BBC3-D24D6E2C17C2}
    [2011/10/01 06:09:49 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5BE9E02A-0306-4104-86E3-AF13AA51DDCB}
    [2011/10/01 06:09:37 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{F9EABBDE-473A-4811-9252-75E73DF30185}
    [2011/09/30 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{9A122F1B-2639-4E8D-80B9-C6A5C06AFAEE}
    [2011/09/30 17:53:10 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{97E2D01E-4AD1-4D8E-A7C4-A5703944A5C6}
    [2011/09/30 05:52:43 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{20EA1B20-6596-4917-BA7C-50494A253C11}
    [2011/09/30 05:52:32 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{63B5916F-969B-42FE-8C3D-B6398DD7EA41}
    [2011/09/29 17:52:05 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{41F2AD4E-CD46-4E68-BED9-C31BAC475EE0}
    [2011/09/29 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{39375C75-AC26-40FA-B1A7-50BE2D6774DA}
    [2011/09/29 05:51:25 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{0E5882A2-C5C4-48B1-8160-645323552BAA}
    [2011/09/29 05:51:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{E87DE4B2-FAA3-4EE9-8318-DF9D560D81B0}
    [2011/09/28 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{FB416571-1DBA-44D7-88DA-D4713AB8F7BD}
    [2011/09/28 14:59:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{984CF31F-5FB8-4A35-9E07-A44F51A375C0}
    [2011/09/28 01:24:45 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{8F00B4D3-F1E1-493E-AF08-D62BC1F39741}
    [2011/09/26 13:52:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{0F6119A9-ED74-43E3-85EC-164F6C1D99F9}
    [2011/09/26 01:52:22 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{7EAC32E8-DBDB-45CA-9BEF-1E99559102E8}
    [2011/09/25 13:51:57 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{07DC4E46-3D29-4629-AFAD-AD4E7664AE91}
    [2011/09/25 13:51:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{2A65FAB5-B123-47DD-B017-115815FA2C0E}
    [2011/09/24 15:10:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{C7CDEC5A-E9B3-4B5B-94FC-676613DBDEC4}
    [2011/09/24 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{A48E2230-523E-430B-8C5C-F4624ADA9E08}
    [2011/09/23 19:06:51 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{9107BF95-667E-4974-9AA2-FEB28F8DD45B}
    [2011/09/23 19:06:40 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{C20CFB70-3652-463A-B622-5CE0407CB8CE}
    [2011/09/22 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{F9A64CFE-BDF1-4A78-95EB-B5E64FF61D7F}
    [2011/09/22 12:01:48 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1E644EB7-0343-4F0D-B3A5-04C085C84486}
    [2011/09/21 23:48:46 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{CECAF0E4-DC8B-4A8A-A4F7-92E56AB13A91}
    [2011/09/21 23:48:33 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5D6E879B-73FF-4CB5-A1AD-B72067802B18}
    [2011/09/21 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{030FAEDD-1F34-41AE-813D-4C6B51C29FE8}
    [2011/09/21 11:48:09 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{2DEBF861-B57C-47CB-9677-5048D1B1AD0B}
    [2011/09/20 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5529C8C8-31D7-4509-9D80-0F6B4DE446A9}
    [2011/09/20 12:50:32 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{56E370E4-1695-4971-9733-1110EBED28F5}
    [2011/09/19 13:46:24 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{0910FCAE-9580-4F11-950A-1476D92C6377}
    [2011/09/19 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1404A772-71BA-4B6E-A5C3-D335C69F473E}
    [2011/09/18 21:04:18 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{715CB733-4C4F-4D76-BA3B-1D6F4ACCEDED}
    [2011/09/18 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{A63B2EE4-0D77-418C-816C-DC2457395F1A}
    [2011/09/18 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{7E159BE0-99AA-4C11-A48F-C096311CA715}
    [2011/09/18 09:03:28 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{B44BFBEE-A08C-456E-ADEF-A637A2967673}
    [2011/09/17 16:34:18 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1283A95B-28A8-4572-85EC-2BD4E288BF64}
    [2011/09/17 16:34:07 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{EDF51FDC-4747-4ECA-84E1-52D22B76EEE4}
    [2011/09/17 08:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    [2011/09/16 22:17:10 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{6F72A553-1A33-4489-AD3D-B8789F2DAA17}
    [2011/09/16 22:16:58 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{1043856B-14D0-46D0-800F-8EB0381E5213}
    [2011/09/16 09:01:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{69028E3E-E16B-4ACD-BB23-02285FEFFBA9}
    [2011/09/16 09:01:03 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5329CC01-111C-4850-AD84-CB9A68F935E4}
    [2011/09/15 21:40:53 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\dxhr
    [2011/09/15 21:39:59 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\28050
    [2011/09/15 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{ABA88B1B-82BE-42DB-AA0F-B28309F96CEC}
    [2011/09/15 13:33:02 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{B3AEBB9D-CCA8-4301-85BA-C1BC7FECFF55}
    [2011/09/14 13:48:52 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{BFAB63F3-BDD5-42E6-9AE7-DA779F2C0C15}
    [2011/09/14 13:48:40 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{29BC9B0F-927F-4B4B-99D3-29C3854B1817}
    [2011/09/13 23:47:01 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{4D8E18C1-10B2-46F3-9FE4-4CB5709D70C8}
    [2011/09/13 23:46:50 | 000,000,000 | ---D | C] -- C:\Users\rope\AppData\Local\{5EC60E4A-6BCD-475C-926A-3E1AB1256360}

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
  • VRT log
It would be helpful if you could post each log in a separate post

#3
ropeadopa

    Member

  • Topic Starter
  • 31 posts
Hi thanks for the help.

Yahoo made me change my password saying my account has been compromised and now I no longer am sending out spam mail. I was unaware it was a hacker rather than a virus.

Would you still like me to follow these steps?

Edited by ropeadopa, 12 October 2011 - 04:17 AM.


#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ropeadopa,

I would like to clean your PC from malware. You have changed your password but this is no guarantee that malware won't steal it again. Malware is still on your system...

Please follow my steps and post logs here for me.

#5
ropeadopa

    Member

  • Topic Starter
  • 31 posts
All processes killed
========== OTL ==========
Prefs.js: 1080 removed from network.proxy.socks_port
Prefs.js: 4 removed from network.proxy.socks_version
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.
File Z:\autorun.exe not found.
C:\Users\rope\AppData\Local\{F950EC4F-6EA8-4462-8A26-45FA7D643F40} folder moved successfully.
C:\Users\rope\AppData\Local\{13A8EA1B-3DCC-43F3-ACF1-F9C0103850C8} folder moved successfully.
C:\Users\rope\AppData\Local\{8C3C9C78-D4C2-41A3-8006-6EF666E568E6} folder moved successfully.
C:\Users\rope\AppData\Local\{D2A93A9F-AE68-4802-B251-896DD09EE020} folder moved successfully.
C:\Users\rope\AppData\Local\{48EF47F9-3CEB-4535-A903-EFA206F7699C} folder moved successfully.
C:\Users\rope\AppData\Local\{D9290853-BBD9-47F4-B588-7DCF3B36EDC6} folder moved successfully.
C:\Users\rope\AppData\Local\{21D7D6F4-021D-4FA7-B6C6-FC8CD68CAE9F} folder moved successfully.
C:\Users\rope\AppData\Local\{E8A98FE4-6BF5-444D-BD98-BDA8020E1C0B} folder moved successfully.
C:\Users\rope\AppData\Local\{C486870D-8BF8-415E-B20C-5764598E9CA3} folder moved successfully.
C:\Users\rope\AppData\Local\{5899B836-DCC9-4880-97A9-1D8DC30C1C8B} folder moved successfully.
C:\Users\rope\AppData\Local\{74DF1340-4AA5-4683-BA76-91EE8D55B65F} folder moved successfully.
C:\Users\rope\AppData\Local\{641D1C34-C8A3-4313-9157-D459E1AB54AD} folder moved successfully.
C:\Users\rope\AppData\Local\{46746668-1290-416A-9389-B728DA2CA583} folder moved successfully.
C:\Users\rope\AppData\Local\{8DBC40A6-2EE7-440B-9F4B-AC7267D86A77} folder moved successfully.
C:\Users\rope\AppData\Local\{4DBA9C8D-F546-4FB0-9042-CFAB1EA7BFB1} folder moved successfully.
C:\Users\rope\AppData\Local\{70082853-3B01-4C8B-BCE4-5D2F7BB6610F} folder moved successfully.
C:\Users\rope\AppData\Local\{BCB508DD-51FA-4C0F-8BFC-2B6520A2C339} folder moved successfully.
C:\Users\rope\AppData\Local\{1C4271F2-40D0-475F-A534-F8AF9D579405} folder moved successfully.
C:\Users\rope\AppData\Local\{4E96BBE5-1754-4C5C-B068-3C9835A86D7F} folder moved successfully.
C:\Users\rope\AppData\Local\{1C946B9E-DEDD-4443-9F13-86CDE962DF5A} folder moved successfully.
C:\Users\rope\AppData\Local\{4C1D046A-C207-4F76-BBC3-D24D6E2C17C2} folder moved successfully.
C:\Users\rope\AppData\Local\{5BE9E02A-0306-4104-86E3-AF13AA51DDCB} folder moved successfully.
C:\Users\rope\AppData\Local\{F9EABBDE-473A-4811-9252-75E73DF30185} folder moved successfully.
C:\Users\rope\AppData\Local\{9A122F1B-2639-4E8D-80B9-C6A5C06AFAEE} folder moved successfully.
C:\Users\rope\AppData\Local\{97E2D01E-4AD1-4D8E-A7C4-A5703944A5C6} folder moved successfully.
C:\Users\rope\AppData\Local\{20EA1B20-6596-4917-BA7C-50494A253C11} folder moved successfully.
C:\Users\rope\AppData\Local\{63B5916F-969B-42FE-8C3D-B6398DD7EA41} folder moved successfully.
C:\Users\rope\AppData\Local\{41F2AD4E-CD46-4E68-BED9-C31BAC475EE0} folder moved successfully.
C:\Users\rope\AppData\Local\{39375C75-AC26-40FA-B1A7-50BE2D6774DA} folder moved successfully.
C:\Users\rope\AppData\Local\{0E5882A2-C5C4-48B1-8160-645323552BAA} folder moved successfully.
C:\Users\rope\AppData\Local\{E87DE4B2-FAA3-4EE9-8318-DF9D560D81B0} folder moved successfully.
C:\Users\rope\AppData\Local\{FB416571-1DBA-44D7-88DA-D4713AB8F7BD} folder moved successfully.
C:\Users\rope\AppData\Local\{984CF31F-5FB8-4A35-9E07-A44F51A375C0} folder moved successfully.
C:\Users\rope\AppData\Local\{8F00B4D3-F1E1-493E-AF08-D62BC1F39741} folder moved successfully.
C:\Users\rope\AppData\Local\{0F6119A9-ED74-43E3-85EC-164F6C1D99F9} folder moved successfully.
C:\Users\rope\AppData\Local\{7EAC32E8-DBDB-45CA-9BEF-1E99559102E8} folder moved successfully.
C:\Users\rope\AppData\Local\{07DC4E46-3D29-4629-AFAD-AD4E7664AE91} folder moved successfully.
C:\Users\rope\AppData\Local\{2A65FAB5-B123-47DD-B017-115815FA2C0E} folder moved successfully.
C:\Users\rope\AppData\Local\{C7CDEC5A-E9B3-4B5B-94FC-676613DBDEC4} folder moved successfully.
C:\Users\rope\AppData\Local\{A48E2230-523E-430B-8C5C-F4624ADA9E08} folder moved successfully.
C:\Users\rope\AppData\Local\{9107BF95-667E-4974-9AA2-FEB28F8DD45B} folder moved successfully.
C:\Users\rope\AppData\Local\{C20CFB70-3652-463A-B622-5CE0407CB8CE} folder moved successfully.
C:\Users\rope\AppData\Local\{F9A64CFE-BDF1-4A78-95EB-B5E64FF61D7F} folder moved successfully.
C:\Users\rope\AppData\Local\{1E644EB7-0343-4F0D-B3A5-04C085C84486} folder moved successfully.
C:\Users\rope\AppData\Local\{CECAF0E4-DC8B-4A8A-A4F7-92E56AB13A91} folder moved successfully.
C:\Users\rope\AppData\Local\{5D6E879B-73FF-4CB5-A1AD-B72067802B18} folder moved successfully.
C:\Users\rope\AppData\Local\{030FAEDD-1F34-41AE-813D-4C6B51C29FE8} folder moved successfully.
C:\Users\rope\AppData\Local\{2DEBF861-B57C-47CB-9677-5048D1B1AD0B} folder moved successfully.
C:\Users\rope\AppData\Local\{5529C8C8-31D7-4509-9D80-0F6B4DE446A9} folder moved successfully.
C:\Users\rope\AppData\Local\{56E370E4-1695-4971-9733-1110EBED28F5} folder moved successfully.
C:\Users\rope\AppData\Local\{0910FCAE-9580-4F11-950A-1476D92C6377} folder moved successfully.
C:\Users\rope\AppData\Local\{1404A772-71BA-4B6E-A5C3-D335C69F473E} folder moved successfully.
C:\Users\rope\AppData\Local\{715CB733-4C4F-4D76-BA3B-1D6F4ACCEDED} folder moved successfully.
C:\Users\rope\AppData\Local\{A63B2EE4-0D77-418C-816C-DC2457395F1A} folder moved successfully.
C:\Users\rope\AppData\Local\{7E159BE0-99AA-4C11-A48F-C096311CA715} folder moved successfully.
C:\Users\rope\AppData\Local\{B44BFBEE-A08C-456E-ADEF-A637A2967673} folder moved successfully.
C:\Users\rope\AppData\Local\{1283A95B-28A8-4572-85EC-2BD4E288BF64} folder moved successfully.
C:\Users\rope\AppData\Local\{EDF51FDC-4747-4ECA-84E1-52D22B76EEE4} folder moved successfully.
C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE folder moved successfully.
C:\Users\rope\AppData\Local\{6F72A553-1A33-4489-AD3D-B8789F2DAA17} folder moved successfully.
C:\Users\rope\AppData\Local\{1043856B-14D0-46D0-800F-8EB0381E5213} folder moved successfully.
C:\Users\rope\AppData\Local\{69028E3E-E16B-4ACD-BB23-02285FEFFBA9} folder moved successfully.
C:\Users\rope\AppData\Local\{5329CC01-111C-4850-AD84-CB9A68F935E4} folder moved successfully.
C:\Users\rope\AppData\Local\dxhr\cache\data\players folder moved successfully.
C:\Users\rope\AppData\Local\dxhr\cache\data\186816-256-64-DDS_FORMAT_DXT1-False folder moved successfully.
C:\Users\rope\AppData\Local\dxhr\cache\data\186815-256-64-DDS_FORMAT_DXT1-False folder moved successfully.
C:\Users\rope\AppData\Local\dxhr\cache\data folder moved successfully.
C:\Users\rope\AppData\Local\dxhr\cache folder moved successfully.
C:\Users\rope\AppData\Local\dxhr folder moved successfully.
C:\Users\rope\AppData\Local\28050\eidos\ce5c1f41\cache\temp folder moved successfully.
C:\Users\rope\AppData\Local\28050\eidos\ce5c1f41\cache\persistent folder moved successfully.
C:\Users\rope\AppData\Local\28050\eidos\ce5c1f41\cache folder moved successfully.
C:\Users\rope\AppData\Local\28050\eidos\ce5c1f41 folder moved successfully.
C:\Users\rope\AppData\Local\28050\eidos folder moved successfully.
C:\Users\rope\AppData\Local\28050 folder moved successfully.
C:\Users\rope\AppData\Local\{ABA88B1B-82BE-42DB-AA0F-B28309F96CEC} folder moved successfully.
C:\Users\rope\AppData\Local\{B3AEBB9D-CCA8-4301-85BA-C1BC7FECFF55} folder moved successfully.
C:\Users\rope\AppData\Local\{BFAB63F3-BDD5-42E6-9AE7-DA779F2C0C15} folder moved successfully.
C:\Users\rope\AppData\Local\{29BC9B0F-927F-4B4B-99D3-29C3854B1817} folder moved successfully.
C:\Users\rope\AppData\Local\{4D8E18C1-10B2-46F3-9FE4-4CB5709D70C8} folder moved successfully.
C:\Users\rope\AppData\Local\{5EC60E4A-6BCD-475C-926A-3E1AB1256360} folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\rope\Downloads\cmd.bat deleted successfully.
C:\Users\rope\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: rope
->Temp folder emptied: 568232 bytes
->Temporary Internet Files folder emptied: 15215254 bytes
->Java cache emptied: 6511240 bytes
->FireFox cache emptied: 56977742 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8197784 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66725 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: rope
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10122011_195440

Files\Folders moved on Reboot...
C:\Users\rope\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\rope\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGIRFZQW\today[1].htm not found!
File\Folder C:\Users\rope\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG6H41T4\ADSAdClient31[2].htm not found!
C:\Users\rope\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG6H41T4\B5930995;sz=300x250;ord=136399776[1].htm moved successfully.
File\Folder C:\Users\rope\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG6H41T4\tt[1].htm not found!

Registry entries deleted on Reboot...
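One way to check a fix log like the one in the post above, as an added example that is not part of the thread or of OTL: it tallies what each line reports and lists the targets that were never found. The line shapes are assumed from the log as posted, `parse_fix_log` and `review` are hypothetical names, and `SAMPLE_LOG` is an excerpt constructed from that log.

```python
import re
from collections import Counter

# Excerpt constructed from the fix log posted above (one or two lines per shape).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Prefs.js: 1080 removed from network.proxy.socks_port
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\autorun.exe not found.
C:\Users\rope\AppData\Local\{F950EC4F-6EA8-4462-8A26-45FA7D643F40} folder moved successfully.
C:\Users\rope\AppData\Local\dxhr\cache folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\rope\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: rope
->Temp folder emptied: 568232 bytes
->FireFox cache emptied: 56977742 bytes

Total Files Cleaned = 85.00 mb

Files\Folders moved on Reboot...
C:\Users\rope\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\rope\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGIRFZQW\today[1].htm not found!
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
REBOOT = re.compile(r"^(.+ on Reboot)\.\.\.$")
EMPTIED = re.compile(r"^->.+? emptied: (\d+) bytes$")
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# (action, pattern) pairs, most specific first, so "Registry key ..." lines
# are not swallowed by the generic "deleted successfully" rule.
RULES = [
    ("pref_removed", re.compile(r"^Prefs\.js: .+? removed from (?P<t>.+)$")),
    ("regkey_deleted", re.compile(r"^Registry key (?P<t>.+?) deleted successfully\.$")),
    ("regkey_not_found", re.compile(r"^Registry key (?P<t>.+?) not found\.$")),
    ("not_found", re.compile(r"^File(?:\\Folder)? (?P<t>.+?) not found[.!]$")),
    ("folder_moved", re.compile(r"^(?P<t>.+?) folder moved successfully\.$")),
    ("file_moved", re.compile(r"^(?P<t>.+?) moved successfully\.$")),
    ("file_deleted", re.compile(r"^(?P<t>.+?) deleted successfully\.$")),
]


def parse_fix_log(text):
    """Return ([(section, action, target), ...], total_bytes_emptied)."""
    section, records, emptied = "PREAMBLE", [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line) or REBOOT.match(line)
        if header:
            section = header.group(1)
            continue
        cache = EMPTIED.match(line)
        if cache:
            emptied += int(cache.group(1))
            continue
        for action, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                records.append((section, action, hit.group("t")))
                break
    return records, emptied


def review(text):
    """Summarise a fix log so it can be compared with the script that was run."""
    records, emptied = parse_fix_log(text)
    moved = [t for _, a, t in records if a == "folder_moved"]
    done = {t for _, a, t in records
            if a in ("regkey_deleted", "folder_moved", "file_moved", "file_deleted")}
    missing = [t for _, a, t in records if a in ("not_found", "regkey_not_found")]
    return {
        "counts": Counter(a for _, a, _ in records),
        "guid_folders": sum(1 for t in moved if GUID_DIR.search(t)),
        # Moved folders that are not GUID-named, listed for comparison with the script.
        "other_folders": [t for t in moved if not GUID_DIR.search(t)],
        # Heuristic (assumption): "not found" after the same target was already
        # removed counts as handled, like the two MountPoints2\G lines in the log.
        "unresolved": [t for t in missing if t not in done],
        "bytes_emptied": emptied,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```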

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ropeadopa,

I'm still waiting for GMER and VRT log. Do you have any problems running them?

#7
ropeadopa

    Member

  • Topic Starter
  • 31 posts

Hi ropeadopa,

I'm still waiting for GMER and VRT log. Do you have any problems running them?

Sorry no I still have to run them. I work all the freakin time I never have a minute. Appreciate the help though. I'll do them soon and post.

#8
ropeadopa

    Member

  • Topic Starter
  • 31 posts
GMER only allowed me to check 3 things to scan by default. Rest of it was grayed out.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-17 17:24:18
Windows 6.1.7601 Service Pack 1
Running: sbjdtvmd.exe


---- Files - GMER 1.0.15 ----

File C:\Users\rope\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UUL97L3\ADSAdClient31[2].htm 0 bytes

---- EOF - GMER 1.0.15 ----

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ropeadopa,

OK. That's fine. Please run VRT and post log after the scan.

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
User returned

Hi ropeadopa,

I'm glad that your system is good. We need to do some cleanup now :)

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#12
ropeadopa

ropeadopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I did cleanup with OTL and when I started Windows it says "could not locate 208203.exe" or something. Maybe the virus?
  • 0

#13
ropeadopa

ropeadopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Ok just ran TFC and didn't get the message on restart.

Thanks for the help!!
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





