Right click on icons malfunction



#1
acajelen
  • Member
  • 44 posts
When I right-click icons, it says to me "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience..." "Send/don't send message...". But when I try to right-click on folders that I made, or folders that contain something, it works fine. I found some people having problems with a similar virus, but that virus makes the desktop background blue. I don't have that problem. Only with right click. I think I got it by opening some downloaded programs; I am not sure when I got it. Thanks in advance!

#2
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Edited by SweetTech, 24 October 2011 - 02:06 PM.


#3
acajelen
  • Topic Starter
  • Member
  • 44 posts
I am asking you to give me 1 more day please. I had troubles with internet and having it now. I will be able to do all of this you wanted tomorrow. Please have understanding.

#4
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
That's perfectly fine, as long as I know you are still with me, I will keep your thread open.

#5
acajelen
  • Topic Starter
  • Member
  • 44 posts
Here it is:
OTL logfile created on: 27.10.2011 11:54:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Master\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,54% Memory free
4,84 Gb Paging File | 3,53 Gb Available in Paging File | 72,95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,29 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 2,02 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive F: | 682,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.27 03:45:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master\My Documents\Downloads\OTL.exe
PRC - [2011.10.27 03:29:50 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gmer.exe
PRC - [2011.10.23 18:41:02 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011.10.23 18:41:00 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011.10.14 11:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.09.23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011.09.13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011.09.12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.08.17 09:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
PRC - [2011.08.17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.04.24 18:57:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.06.26 19:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.06 16:57:50 | 000,024,576 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\AveoSTI.exe
PRC - [2007.09.26 14:32:06 | 001,002,440 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2007.06.01 10:51:34 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007.06.01 10:49:20 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007.06.01 10:45:00 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2007.01.18 14:48:42 | 002,752,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.01.16 10:53:08 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007.01.12 23:14:34 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.01.12 22:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.27 20:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.02.06 23:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2000.11.13 19:40:02 | 002,826,240 | ---- | M] () -- C:\Program Files\CAPCOM\ResidentEvil3\ResidentEvil3_menu.exe
PRC - [1998.08.20 14:39:08 | 000,975,872 | ---- | M] (Intelligent Games) -- D:\igre\Dune 2000\DUNE2000.DAT
PRC - [1998.08.17 17:59:44 | 000,091,136 | ---- | M] () -- D:\igre\Dune 2000\DUNE2000.EXE


========== Modules (No Company Name) ==========

MOD - [2011.10.27 03:29:50 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gmer.exe
MOD - [2011.10.23 18:41:02 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011.10.23 18:41:00 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011.10.14 11:58:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 14:31:42 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
MOD - [2011.08.25 22:55:57 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2007.11.06 16:57:50 | 000,024,576 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\AveoSTI.exe
MOD - [2007.10.12 15:16:02 | 000,032,768 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\hodll.dll
MOD - [2007.09.14 07:02:10 | 000,102,400 | ---- | M] () -- C:\Program Files\totalcmd\TCUNZLIB.DLL
MOD - [2007.06.01 10:44:36 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.04.25 10:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006.10.26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2005.07.22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004.10.14 10:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
MOD - [2000.11.13 19:40:02 | 002,826,240 | ---- | M] () -- C:\Program Files\CAPCOM\ResidentEvil3\ResidentEvil3_menu.exe
MOD - [1998.08.17 17:59:44 | 000,091,136 | ---- | M] () -- D:\igre\Dune 2000\DUNE2000.EXE
MOD - [1997.10.20 15:32:38 | 000,160,768 | ---- | M] () -- D:\igre\Dune 2000\MSS32.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avast! Firewall)
SRV - [2011.10.23 18:41:02 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.09.12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - [2011.10.23 17:55:05 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.09.06 22:38:54 | 000,111,320 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.07.11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.07.11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.13 18:24:40 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007.10.16 12:38:30 | 004,615,168 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.09.19 15:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007.05.29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.04.03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007.04.02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006.11.30 19:55:00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2006.11.22 16:09:22 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.28 00:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.10.05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2006.06.29 07:13:08 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.08.01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2304157
IE - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.517.0
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYRS&&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011.05.02 16:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.10.25 12:06:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.14 11:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 14:40:39 | 000,000,000 | ---D | M]

[2010.06.27 17:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master\Application Data\Mozilla\Extensions
[2011.10.23 18:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions
[2011.10.13 14:09:20 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.10.13 14:09:25 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.10.23 18:41:20 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\avg@toolbar
[2011.04.17 13:50:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\[email protected]
[2011.10.20 16:01:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\[email protected]
[2011.10.27 01:32:35 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\askcom.xml
[2011.10.27 01:32:42 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\avg-secure-search.xml
[2010.06.08 11:30:04 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\conduit.xml
[2011.04.24 19:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.25 12:06:41 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010.06.30 20:14:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.10.14 11:58:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.14 11:58:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AveoSTI.exe] C:\Program Files\AVEO\AveoCap\AveoSTI.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Master\Start Menu\Programs\Startup\Xfire.lnk = File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1580436667-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66AB7118-19C3-456D-840D-F2DB85B5DE6A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.25 09:13:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998.08.17 20:08:58 | 000,572,928 | R--- | M] (Westwood Studios) - F:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1998.07.07 18:54:48 | 000,000,116 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{18515952-fd8f-11e0-a84e-00218548b3b7}\Shell - "" = AutoRun
O33 - MountPoints2\{18515952-fd8f-11e0-a84e-00218548b3b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18515952-fd8f-11e0-a84e-00218548b3b7}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE -- [1998.08.17 20:08:58 | 000,572,928 | R--- | M] (Westwood Studios)
O33 - MountPoints2\{18515952-fd8f-11e0-a84e-00218548b3b7}\Shell\readit\command - "" = notepad readme.txt
O33 - MountPoints2\{4fdb4342-9ce0-11df-abc4-00218548b3b7}\Shell\AutoRun\command - "" = F:\ -- File not found
O33 - MountPoints2\{4fdb4342-9ce0-11df-abc4-00218548b3b7}\Shell\Explore\Command - "" = WScript.exe .\24227.vbs
O33 - MountPoints2\{4fdb4342-9ce0-11df-abc4-00218548b3b7}\Shell\Open\Command - "" = WScript.exe .\24227.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.23 19:31:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.10.23 18:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\AVG2012
[2011.10.23 18:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011.10.23 18:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\AVG Secure Search
[2011.10.23 18:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011.10.23 18:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011.10.23 18:40:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011.10.23 18:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011.10.23 18:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011.10.23 18:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.10.23 18:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.10.23 18:00:06 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2011.10.23 18:00:06 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LMRTREND.dll
[2011.10.23 18:00:05 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft3.dll
[2011.10.23 18:00:00 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe
[2011.10.23 17:59:57 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcut.dll
[2011.10.23 17:59:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciqtz.drv
[2011.10.23 17:59:57 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2011.10.23 17:59:57 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2011.10.23 17:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CAPCOM
[2011.10.23 17:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\Westwood
[2011.10.23 17:55:55 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011.10.23 17:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\WINDOWS
[2011.10.23 17:55:05 | 000,232,512 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011.10.23 14:37:08 | 000,000,000 | ---D | C] -- C:\Westwood
[2011.10.23 14:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Pro
[2011.10.23 14:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011.10.23 14:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DAEMON Tools Pro
[2011.10.23 14:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011.10.19 00:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.27 12:01:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.10.27 11:57:10 | 000,109,558 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011.10.27 11:57:10 | 000,109,558 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011.10.27 11:49:01 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.27 05:27:01 | 107,495,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.10.27 03:29:50 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gmer.exe
[2011.10.27 01:10:24 | 000,002,527 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.10.27 00:31:56 | 000,436,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.27 00:31:56 | 000,069,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.27 00:27:47 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.27 00:27:46 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1580436667-1417001333-1003.job
[2011.10.27 00:27:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.26 03:51:12 | 000,051,635 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gag_daysie.jpg
[2011.10.26 03:50:44 | 000,402,244 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\eliana dante tunde.jpg
[2011.10.26 03:48:34 | 000,037,141 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\149263590_Daysie_123_132lo.jpg
[2011.10.26 03:39:44 | 000,776,514 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\anna parlax.jpg
[2011.10.26 03:38:54 | 000,043,194 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Sylvie De Luxe.jpg
[2011.10.25 12:06:42 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011.10.25 00:08:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.24 05:24:33 | 000,034,139 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011.10.23 18:56:19 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.10.23 18:51:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1580436667-1417001333-1003.job
[2011.10.23 18:00:03 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.10.23 18:00:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.10.23 18:00:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.10.23 17:59:56 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2011.10.23 17:59:56 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2011.10.23 17:55:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2011.10.23 17:55:05 | 000,232,512 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011.10.23 17:48:19 | 000,033,222 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gapethatass___alicia_rhodes_481190.jpeg
[2011.10.23 13:22:22 | 000,052,939 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAyLmpwZw==.jpg
[2011.10.23 13:22:06 | 000,054,782 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAxLmpwZw==.jpg
[2011.10.23 13:21:53 | 000,047,328 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA4LmpwZw==.jpg
[2011.10.23 13:21:28 | 000,048,776 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTE3LmpwZw==.jpg
[2011.10.23 13:09:27 | 000,049,774 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA5LmpwZw==.jpg
[2011.10.23 13:09:16 | 000,046,860 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA1LmpwZw==.jpg
[2011.10.23 13:07:34 | 000,043,722 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA0LmpwZw==.jpg
[2011.10.21 21:49:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.21 14:16:07 | 000,034,037 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\ANDREA DELLACASA.jpg
[2011.10.21 14:15:33 | 000,038,454 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\CATHERINE DEEE.jpg
[2011.10.20 21:19:49 | 000,273,418 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mary jane jonson.jpg
[2011.10.20 04:12:35 | 000,098,477 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Rachel in C0ll3g3 Rnl3s episode Wheel of Fun.jpg
[2011.10.19 17:40:33 | 000,106,800 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\shoot-myself-ex-girl-2-109.jpg
[2011.10.19 17:40:25 | 000,012,519 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\s-shoot-myself-ex-girl-2-109.jpg
[2011.10.19 13:56:48 | 000,172,581 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\paulina presley.jpg
[2011.10.19 13:55:57 | 000,117,665 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\julia parton.jpg
[2011.10.19 13:55:19 | 000,362,376 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aidan layne.png
[2011.10.19 04:07:31 | 000,024,914 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mffgboi48w.jpeg
[2011.10.19 03:57:50 | 000,076,307 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\tumblr_linnqlwTwz1qbz3i5.jpg
[2011.10.19 00:06:04 | 000,026,009 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\TB2hz99S.htm.part
[2011.10.18 21:35:48 | 000,223,397 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\1096883_shyra sheer.jpg
[2011.10.18 01:54:37 | 000,164,507 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mazinha.jpg
[2011.10.18 01:48:34 | 000,198,310 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\angelica hart.jpg
[2011.10.16 03:37:46 | 000,009,991 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\th_687819325_BigTitsOnWebCam.avi_snapshot_06.16_2011.10.04_03.24.48_123_581lo.jpg
[2011.10.16 03:36:12 | 000,034,260 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\44.jpg
[2011.10.14 12:12:24 | 000,901,586 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\casie cruz.jpg
[2011.10.14 12:09:22 | 000,460,890 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\RubeGoldberg01.gif
[2011.10.13 22:24:28 | 000,024,845 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\arianna-sinn.jpg
[2011.10.13 02:51:13 | 000,157,296 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\rharucq97wtg.jpg
[2011.10.11 23:09:56 | 002,092,588 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\the blonde is Anastasia Braun, Babette, Bridget, Dolly, Laura, Nastja.gif
[2011.10.11 23:09:37 | 000,093,848 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\giovanni-aria-n-07.jpg
[2011.10.11 23:05:10 | 000,023,761 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\kali west.GIF
[2011.10.10 15:25:30 | 000,049,143 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Francesa Frigo.JPG
[2011.10.10 15:22:41 | 000,486,178 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\anigif preview.gif
[2011.10.10 15:18:51 | 000,038,015 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\elizabeth marxs.jpg
[2011.10.10 15:18:20 | 001,175,877 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\wys09e02kgzl.jpg
[2011.10.10 15:10:37 | 000,063,678 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\tumblr_lshov0Ty321qeg2vro1_500.jpg
[2011.10.10 15:01:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.10.10 14:57:40 | 000,028,436 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\identify1.jpg
[2011.10.10 05:31:15 | 000,025,258 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\5.jpg
[2011.10.10 05:30:47 | 000,036,036 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\user130861pic.jpg
[2011.10.10 01:17:52 | 000,073,283 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\120x120.gif
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.27 05:27:01 | 107,495,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.10.26 03:51:11 | 000,051,635 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\gag_daysie.jpg
[2011.10.26 03:50:44 | 000,402,244 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\eliana dante tunde.jpg
[2011.10.26 03:48:32 | 000,037,141 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\149263590_Daysie_123_132lo.jpg
[2011.10.26 03:39:43 | 000,776,514 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\anna parlax.jpg
[2011.10.26 03:38:39 | 000,043,194 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Sylvie De Luxe.jpg
[2011.10.24 05:24:33 | 000,034,139 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011.10.23 18:41:24 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011.10.23 18:00:03 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.10.23 17:59:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011.10.23 17:59:57 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2011.10.23 17:55:24 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2011.10.23 17:48:18 | 000,033,222 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\gapethatass___alicia_rhodes_481190.jpeg
[2011.10.23 13:22:21 | 000,052,939 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAyLmpwZw==.jpg
[2011.10.23 13:22:05 | 000,054,782 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAxLmpwZw==.jpg
[2011.10.23 13:21:52 | 000,047,328 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA4LmpwZw==.jpg
[2011.10.23 13:21:28 | 000,048,776 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTE3LmpwZw==.jpg
[2011.10.23 13:09:27 | 000,049,774 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA5LmpwZw==.jpg
[2011.10.23 13:09:16 | 000,046,860 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA1LmpwZw==.jpg
[2011.10.23 13:07:33 | 000,043,722 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA0LmpwZw==.jpg
[2011.10.21 21:49:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.21 14:16:06 | 000,034,037 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\ANDREA DELLACASA.jpg
[2011.10.21 14:15:33 | 000,038,454 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\CATHERINE DEEE.jpg
[2011.10.20 21:19:48 | 000,273,418 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mary jane jonson.jpg
[2011.10.20 04:12:34 | 000,098,477 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Rachel in C0ll3g3 Rnl3s episode Wheel of Fun.jpg
[2011.10.19 17:40:32 | 000,106,800 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\shoot-myself-ex-girl-2-109.jpg
[2011.10.19 17:40:23 | 000,012,519 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\s-shoot-myself-ex-girl-2-109.jpg
[2011.10.19 13:56:47 | 000,172,581 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\paulina presley.jpg
[2011.10.19 13:55:57 | 000,117,665 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\julia parton.jpg
[2011.10.19 13:55:18 | 000,362,376 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aidan layne.png
[2011.10.19 04:07:30 | 000,024,914 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mffgboi48w.jpeg
[2011.10.19 03:57:49 | 000,076,307 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\tumblr_linnqlwTwz1qbz3i5.jpg
[2011.10.19 00:06:03 | 000,026,009 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\TB2hz99S.htm.part
[2011.10.18 21:35:47 | 000,223,397 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\1096883_shyra sheer.jpg
[2011.10.18 01:54:36 | 000,164,507 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mazinha.jpg
[2011.10.18 01:48:32 | 000,198,310 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\angelica hart.jpg
[2011.10.16 03:37:45 | 000,009,991 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\th_687819325_BigTitsOnWebCam.avi_snapshot_06.16_2011.10.04_03.24.48_123_581lo.jpg
[2011.10.16 03:36:10 | 000,034,260 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\44.jpg
[2011.10.14 12:12:23 | 000,901,586 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\casie cruz.jpg
[2011.10.14 12:09:22 | 000,460,890 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\RubeGoldberg01.gif
[2011.10.13 22:24:27 | 000,024,845 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\arianna-sinn.jpg
[2011.10.13 02:51:12 | 000,157,296 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\rharucq97wtg.jpg
[2011.10.11 23:09:55 | 002,092,588 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\the blonde is Anastasia Braun, Babette, Bridget, Dolly, Laura, Nastja.gif
[2011.10.11 23:09:37 | 000,093,848 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\giovanni-aria-n-07.jpg
[2011.10.11 23:05:04 | 000,023,761 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\kali west.GIF
[2011.10.10 15:25:30 | 000,049,143 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Francesa Frigo.JPG
[2011.10.10 15:22:40 | 000,486,178 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\anigif preview.gif
[2011.10.10 15:18:51 | 000,038,015 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\elizabeth marxs.jpg
[2011.10.10 15:18:19 | 001,175,877 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\wys09e02kgzl.jpg
[2011.10.10 15:10:36 | 000,063,678 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\tumblr_lshov0Ty321qeg2vro1_500.jpg
[2011.10.10 14:57:39 | 000,028,436 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\identify1.jpg
[2011.10.10 05:31:15 | 000,025,258 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\5.jpg
[2011.10.10 05:30:46 | 000,036,036 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\user130861pic.jpg
[2011.10.10 01:17:50 | 000,073,283 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\120x120.gif
[2011.07.17 00:51:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\Res2_uninst.exe
[2011.04.16 18:51:16 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.12.15 23:23:15 | 000,717,097 | ---- | C] () -- C:\WINDOWS\RON 2010 ENGLISH DL Uninstaller.exe
[2010.07.09 03:06:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.06.27 17:01:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.25 20:36:15 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Master\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.25 11:06:32 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.25 11:06:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.25 11:06:26 | 003,315,712 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010.06.25 11:06:24 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.25 10:59:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.25 10:58:48 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.25 10:58:30 | 000,002,527 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.06.25 09:44:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2010.06.25 09:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010.06.25 09:39:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.06.25 09:28:52 | 000,109,558 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010.06.25 09:15:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.06.25 09:10:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,436,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,069,076 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.06.20 06:21:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.06.20 06:21:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007.06.20 06:21:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.06.20 06:21:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007.06.20 06:21:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.06.20 06:21:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.06.20 06:21:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007.06.20 06:21:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

< End of report >

OTL Extras logfile created on: 27.10.2011 11:54:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Master\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,54% Memory free
4,84 Gb Paging File | 3,53 Gb Available in Paging File | 72,95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,29 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 2,02 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive F: | 682,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1409082233-1580436667-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™ -- (Electronic Arts Inc.)
"D:\Sierra\Empire Earth\Empire Earth.exe" = D:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth -- ()
"D:\backup\Desktop\Counter-Strike 1.6 KGB\hl.exe" = D:\backup\Desktop\Counter-Strike 1.6 KGB\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Master\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe" = C:\Documents and Settings\Master\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG instalator -- (AVG Technologies CZ, s.r.o.)
"D:\igre\Dune 2000\DUNE2000.DAT" = D:\igre\Dune 2000\DUNE2000.DAT:*:Disabled:Dune2000 -- (Intelligent Games)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Dijagnostika 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Skener licne e-pošte -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{5B73A65F-746A-4D50-B694-BA6A8DF6BC76}" = AveoCap
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{7D004944-C4F1-4C44-AAD4-E7F85190ED00}" = AVG 2012
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DE15F0C0-108D-11D4-AF73-0000E21444C5}" = ResidentEvil3
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"123 Free Solitaire" = 123 Free Solitaire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2012
"conduitEngine" = Conduit Engine
"DAEMON Tools Pro" = DAEMON Tools Pro
"Dune 2000" = Dune 2000
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.01" = Freecorder 4.01 Application
"GameSpy Arcade" = GameSpy Arcade
"Golden Axe 2_is1" = Golden Axe 2
"Golden Axe 3_is1" = Golden Axe 3
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MV2Player" = MV2Player (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Redtube Video Downloader_is1" = Redtube Video Downloader 3.15
"RESIDENT EVIL2" = RESIDENT EVIL2
"RON 2010 ENGLISH DL" = Rulers Of Nations
"ShopperReportsSA" = ShopperReports
"Totalcmd" = Total Commander (Remove or Repair)
"VideoGet_is1" = Nuclear Coffee - VideoGet
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-1580436667-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.10.2011 17:08:34 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Hanging application ResidentEvil3.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23.10.2011 18:37:19 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module dtshl32.dll, version 4.41.315.262, fault address 0x0001db2a.

Error - 24.10.2011 2:06:52 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module dtshl32.dll, version 4.41.315.262, fault address 0x0001db2a.

Error - 24.10.2011 16:55:04 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module dtshl32.dll, version 4.41.315.262, fault address 0x0001db2a.

Error - 25.10.2011 21:42:30 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 26.10.2011 6:35:44 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Hanging application ResidentEvil3.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26.10.2011 9:03:33 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Hanging application ResidentEvil3.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27.10.2011 5:52:27 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27.10.2011 5:52:30 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27.10.2011 5:53:47 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 25.10.2011 13:12:17 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! Firewall service failed to start due to the following error:
%%2

Error - 25.10.2011 13:12:19 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswFW

Error - 25.10.2011 13:12:24 | Computer Name = PC | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 26.10.2011 6:01:33 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! Firewall service failed to start due to the following error:
%%2

Error - 26.10.2011 6:01:35 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswFW

Error - 26.10.2011 9:54:12 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! Firewall service failed to start due to the following error:
%%2

Error - 26.10.2011 9:54:27 | Computer Name = PC | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 26.10.2011 9:54:27 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswFW

Error - 26.10.2011 18:27:21 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! Firewall service failed to start due to the following error:
%%2

Error - 26.10.2011 18:27:23 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswFW


< End of report >

Attached Files

  • Attached File  Gmer.txt   5.11KB   121 downloads


#6
SweetTech

Hi!

Please run this tool:


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#7
acajelen

I had activated ComboFix, but because I used AVG I thought that I uninstalled it, but I didn't. So ComboFix was interrupted. What now? You wrote that I should not re-run ComboFix.

#8
acajelen

I need to add that my right click is working fine now. I just have a few more issues. I don't know if I should start ComboFix again or not, and I have some problems that I don't know if I should mention here or start a new topic. 1st and oldest is some movie files I have that I can't delete. It says "make sure that disk is not fully protected...". 2nd thing is that when I type in the search bar on Google it doesn't show the blinking bar for typing. 3rd thing is some folder I got on my D partition that doesn't do anything, but also cannot be deleted. It had a name like some huge number. I am sure that that is a virus.

#9
SweetTech

Hi!

Let's address the ComboFix issue for now, and we can revisit the other issues later.

Let's run this utility to remove AVG:

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>


Ensure "Remove Security Application" is collected and click Next >>


AppRemover will scan all the security applications on your PC

Select Any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed



Please then attempt to re-run ComboFix.

#10
acajelen

I uninstalled AVG. Earlier version of AVG had a disable protection button. I made a mistake, I thought I disabled it but I didn't. So I uninstalled it almost 2 days ago. Now I am without any antivirus. Do you think it is necessary to remove something that, I think, is already removed?

#11
SweetTech

No, you can go ahead and proceed with running ComboFix. For the time being, please don't do any unnecessary browsing with your computer.

#12
acajelen

This note appeared: "This machine does not have the "Microsoft Windows recovery console" installed. Alternately, an existing installation of the recovery... may be present... Click Yes to have Combofix install it/download..."
What should I do? I don't have any problems with right click, and I have no anti virus. I am a little uncomfortable downloading something without protection.

#13
SweetTech

Hi!

Please go ahead and download it. ComboFix will be downloading the Recovery Console directly from Microsoft.

#14
acajelen

I did. Here it is:

ComboFix 11-10-29.03 - Master 31.10.2011 23:58:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2393 [GMT 1:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-10-25 18:12 . 2011-10-25 18:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-23 17:31 . 2011-10-23 17:31 -------- d-----w- C:\$AVG
2011-10-23 16:54 . 2011-10-23 16:54 -------- d-----w- c:\documents and settings\Master\Application Data\AVG2012
2011-10-23 16:40 . 2011-10-23 16:40 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-23 16:40 . 2011-10-29 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-23 16:39 . 2011-10-23 16:39 -------- d-----w- c:\program files\AVG
2011-10-23 16:34 . 2011-10-29 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-23 16:00 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-10-23 16:00 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-10-23 16:00 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-10-23 16:00 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-10-23 15:59 . 2011-10-23 15:59 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-10-23 15:59 . 2011-10-23 15:59 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-10-23 15:59 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-10-23 15:59 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-10-23 15:59 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-10-23 15:59 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-10-23 15:55 . 1997-04-08 18:08 299520 ----a-w- c:\windows\uninst.exe
2011-10-23 15:36 . 2011-10-23 15:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-23 12:37 . 2011-10-23 15:57 -------- d-----w- C:\Westwood
2011-10-23 12:30 . 2011-10-23 15:55 -------- d-----w- c:\documents and settings\Master\Application Data\DAEMON Tools Pro
2011-10-23 12:30 . 2011-10-23 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:38 . 2011-09-11 13:07 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-06 20:37 . 2011-09-11 13:07 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-08-25 20:55 . 2011-05-24 22:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 09:58 . 2011-10-14 09:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-20 8462336]
"nwiz"="nwiz.exe" [2007-06-20 1626112]
"AveoSTI.exe"="c:\program files\AVEO\AveoCap\AveoSTI.exe" [2007-11-06 24576]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-04-24 198160]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...e70c2decf7d34c" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Master\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2007-05-16 13:18 2483760 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"=
"d:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"d:\\backup\\Desktop\\Counter-Strike 1.6 KGB\\hl.exe"=
"d:\\igre\\Dune 2000\\DUNE2000.DAT"=
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [6/25/2010 8:38 AM 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [6/25/2010 8:38 AM 35712]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [9/11/2011 2:07 PM 111320]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 12:08]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 12:08]
.
2011-10-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Golden Axe 2_is1 - c:\documents and settings\Master\My Documents\Downloads\New Folder (2)\Golden Axe 2\unins000.exe
AddRemove-Golden Axe 3_is1 - c:\documents and settings\Master\My Documents\Downloads\New Folder (2)\Golden Axe 3\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-01 01:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-01 01:09:49
ComboFix-quarantined-files.txt 2011-11-01 00:09
.
Pre-Run: 1.245.593.600 bytes free
Post-Run: 2.714.361.856 bytes free
.
- - End Of File - - 222699CA5437609C6F07D5D4B48A4FCD

#15
SweetTech

Hi!

Please run the following scans and provide me with an update on how things are running in your next reply.

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
