Cannot remove "Trojan horse PSW.Generic9.RDX"



#16
me4ever3131

I ran OTL as well but can only find 1 output - OTL.txt

____________________________________________________________________________________

OTL logfile created on: 24/01/2012 7:34:09 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Trevor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.43% Memory free
3.85 Gb Paging File | 2.54 Gb Available in Paging File | 65.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 9.82 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive E: | 154.76 Gb Total Space | 2.51 Gb Free Space | 1.62% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: Trevor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 10:40:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trevor\Desktop\OTL.exe
PRC - [2012/01/02 16:25:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/22 19:41:50 | 002,659,256 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/04 01:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/04 01:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/29 22:05:42 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/02/09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 20:01:08 | 004,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/01/19 20:01:08 | 002,245,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2007/12/20 17:13:46 | 001,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2007/02/20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2005/10/20 09:52:32 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/20 09:31:54 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 23:33:14 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/02 16:25:58 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/22 19:41:44 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2011/11/22 19:41:22 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2011/11/14 16:06:56 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dll
MOD - [2009/10/23 17:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/14 11:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [1998/09/22 07:00:00 | 000,033,792 | ---- | M] () -- C:\Program Files\WinZip\WZSHLEXT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/22 18:20:02 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/04 01:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/11/17 17:27:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/17 16:01:20 | 004,368,952 | ---- | M] (Prevx) [Auto | Stopped] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/01/19 20:01:08 | 004,388,192 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/12/20 17:13:46 | 001,553,896 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2005/10/20 09:31:54 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2012/01/24 19:15:39 | 000,027,656 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2012/01/24 19:15:39 | 000,022,024 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2012/01/16 17:54:42 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/11/22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/11/22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/11/22 18:20:06 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2011/11/22 18:20:06 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/11/22 18:20:04 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/04 01:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2010/10/03 21:44:57 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2009/05/08 11:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/10/17 02:14:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/14 14:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/01/19 20:12:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2008/01/19 19:40:16 | 000,015,088 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/12/20 17:13:54 | 000,136,416 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2006/07/31 07:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002/07/17 07:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001/04/10 07:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bigpond.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://au.yhs.search...2-tb-web_au&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ASC/AppVirtualization;version=1.1.22: C:\Program Files\Ascensio System\App Virtualization\Framework\npASCpluginS.dll (Ascensio System SIA)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Trevor\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/20 18:31:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/18 09:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/01/16 17:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.23\ [2012/01/22 10:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 16:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 21:03:46 | 000,000,000 | ---D | M]

[2009/11/16 20:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Extensions
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Extensions\[email protected]
[2012/01/16 16:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions
[2011/03/06 11:26:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 16:43:28 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/11/23 10:22:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/13 14:25:07 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\[email protected]
[2011/11/11 08:26:00 | 000,003,847 | ---- | M] () -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\searchplugins\avg-secure-search.xml
[2011/11/13 09:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 16:25:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/07 13:25:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/22 10:26:00 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/07 13:25:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/07 13:25:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/07 13:25:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/07 13:25:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search...p={searchTerms}
CHR - default_search_provider: suggest_url = http://sugg.search.y...}&output=fxjson
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: getPlusPlus for Adobe 16249 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Trevor\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: ASC plugin (Enabled) = C:\Program Files\Ascensio System\App Virtualization\Framework\npASCpluginS.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Frostwire Toolbar = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.0.0_0\
CHR - Extension: Frostwire Toolbar = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.0.17859_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\

O1 HOSTS File: ([2012/01/15 21:23:49 | 000,440,088 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15134 more lines...
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/04/12 18:53:58 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lnk_disabled [2011/05/27 16:19:43 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Trevor\Start Menu\Programs\Startup\lnk_disabled [2011/05/27 16:19:43 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Trevor\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Trevor\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.133.193 61.9.134.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{338A258E-5476-4BE6-BDC1-535D95B4DB38}: DhcpNameServer = 61.9.133.193 61.9.134.49
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Trevor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Trevor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 18:25:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 19:14:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/24 18:56:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/24 18:41:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Trevor\Recent
[2012/01/24 01:06:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/24 01:04:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/24 01:04:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/24 01:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/24 01:04:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/24 00:02:38 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Trevor\Desktop\aswMBR.exe
[2012/01/23 20:29:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/23 20:28:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/23 20:10:35 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Trevor\Desktop\avg_remover_stf_x86_2011_1184.exe
[2012/01/23 10:40:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Trevor\Desktop\OTL.exe
[2012/01/23 09:47:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/22 10:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/22 10:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\AVG Secure Search
[2012/01/22 10:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/22 10:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\AVG2012
[2012/01/22 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/01/19 13:10:18 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Trevor\Desktop\TDSSKiller.exe
[2012/01/16 17:29:44 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/01/16 17:29:12 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/01/16 17:29:12 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/01/16 17:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/01/16 17:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\TestApp
[2012/01/16 09:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Local Settings\Application Data\Threat Expert
[2012/01/13 01:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\PCTools
[2012/01/12 23:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/12 23:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/12 21:45:16 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/01/12 21:45:15 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/01/12 21:45:15 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/01/12 21:31:05 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/01/12 21:31:05 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0140.old
[2012/01/12 21:31:05 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/01/12 21:31:05 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0140.old
[2012/01/12 21:31:05 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/01/12 21:22:12 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/01/12 21:22:12 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/01/12 21:22:11 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/01/12 21:22:08 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/01/12 21:22:08 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/01/12 21:22:02 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/01/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\PC Tools
[2012/01/12 21:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/09 21:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\My Documents\AVS4YOU
[2007/10/14 20:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 19:15:39 | 000,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2012/01/24 19:15:39 | 000,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2012/01/24 18:48:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 18:47:25 | 001,116,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/24 18:45:29 | 000,000,322 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2012/01/24 18:45:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 18:45:15 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2012/01/24 18:44:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 18:25:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/24 11:25:06 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012/01/24 08:45:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 01:06:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/24 00:33:13 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\Mbr.zip
[2012/01/24 00:18:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\MBR.dat
[2012/01/24 00:03:45 | 000,121,092 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\Cannot remove _Trojan horse PSW.Generic9.RDX_ - Geeks to Go Forums.pdf
[2012/01/24 00:03:07 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Trevor\Desktop\aswMBR.exe
[2012/01/24 00:02:25 | 002,035,725 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\tdsskiller.zip
[2012/01/23 20:10:35 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Trevor\Desktop\avg_remover_stf_x86_2011_1184.exe
[2012/01/23 10:40:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trevor\Desktop\OTL.exe
[2012/01/22 10:26:34 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/22 10:03:27 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/21 14:02:11 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/21 14:02:11 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/19 13:10:18 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Trevor\Desktop\TDSSKiller.exe
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2012/01/18 16:40:26 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2012/01/18 11:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/17 17:22:24 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/16 17:59:08 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Trevor\My Documents\spider.sav
[2012/01/16 17:54:42 | 000,341,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/01/16 17:41:25 | 000,001,430 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup.exe.lnk
[2012/01/15 21:23:49 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/14 09:19:47 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120115-212348.backup
[2012/01/12 21:21:32 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup_revwire207[1].exe
[2012/01/12 21:03:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/12 13:25:39 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120114-091946.backup
[2012/01/11 20:48:57 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120112-132538.backup
[2012/01/07 14:48:40 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/30 12:20:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 20:41:38 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 01:06:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/24 01:06:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/24 01:04:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/24 01:04:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/24 01:04:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/24 01:04:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/24 01:04:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/24 00:33:13 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\Mbr.zip
[2012/01/24 00:18:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\MBR.dat
[2012/01/24 00:03:40 | 000,121,092 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\Cannot remove _Trojan horse PSW.Generic9.RDX_ - Geeks to Go Forums.pdf
[2012/01/24 00:02:24 | 002,035,725 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\tdsskiller.zip
[2012/01/22 10:26:34 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/21 13:55:43 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/18 17:27:03 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2012/01/16 17:29:25 | 001,116,885 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/16 17:27:24 | 000,001,430 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup.exe.lnk
[2012/01/12 21:31:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0140.old
[2012/01/12 21:31:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/01/12 21:31:05 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/01/12 21:31:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/01/12 21:31:05 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/01/12 21:31:05 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/01/12 21:19:50 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup_revwire207[1].exe
[2012/01/12 21:03:46 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/12 21:03:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/13 20:56:56 | 000,943,949 | ---- | C] () -- C:\Program Files\winzip70.exe
[2011/11/12 18:05:56 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/11/12 18:01:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/10/04 08:32:28 | 000,375,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/27 22:30:29 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/27 22:30:29 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/27 22:30:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/27 19:08:49 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/08 13:44:44 | 099,991,640 | ---- | C] () -- C:\Program Files\CyberLink.v1730_36089_Spr_PTD110506-02.exe
[2011/05/21 07:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/02 13:42:31 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/04/02 13:42:31 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/04/02 13:42:31 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2011/03/08 21:21:53 | 000,116,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/15 10:49:17 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/10/03 22:39:11 | 000,005,056 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\drctchbl.xvi
[2010/10/03 22:39:09 | 000,004,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2010/09/21 11:50:15 | 000,000,322 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/01/21 22:35:07 | 000,000,022 | ---- | C] () -- C:\WINDOWS\op70.ini
[2009/12/14 23:15:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\prvlcl.dat
[2009/11/28 17:37:16 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/23 17:41:44 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2009/11/23 17:40:44 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2009/11/20 21:35:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/11/20 19:35:11 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/20 19:35:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/20 19:35:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/20 19:35:11 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/20 19:35:11 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/20 19:35:11 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/20 19:35:11 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/20 19:35:11 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/20 19:35:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/20 19:35:11 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/20 19:35:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/20 19:35:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/20 19:35:11 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/20 19:35:11 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/20 19:35:11 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/20 19:35:11 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/20 19:35:11 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/20 19:35:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/20 19:35:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/20 12:36:29 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009/11/19 21:03:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/18 18:42:51 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/11/17 19:53:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/17 15:29:52 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/11/17 05:18:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/17 05:17:57 | 001,747,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/16 18:26:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 18:24:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/14 13:41:09 | 000,004,060 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\FASTWiz.html
[2009/01/14 13:42:05 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Trevor\Application Data\WavCodec.wff
[2009/01/06 10:40:55 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/05 23:06:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/11/15 04:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 22:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/06/15 22:20:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\fusioncache.dat
[2005/09/19 17:56:49 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/03 23:59:38 | 005,858,878 | -H-- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\IconCache(1).db
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 04:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 23:00:00 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 23:00:00 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 23:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/01/22 10:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/22 10:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/23 20:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/16 19:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/16 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/04/02 13:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/11/26 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2010/10/16 19:29:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/16 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
[2009/11/16 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/11/20 19:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/08/13 13:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/11/16 20:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/06/09 11:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2009/11/16 20:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2012/01/23 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/13 18:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/07/27 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/28 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/28 16:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/11/28 16:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2009/11/16 20:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2012/01/17 17:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/11/28 16:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2010/12/28 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2012/01/24 19:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/20 19:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/07/26 16:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/11/13 21:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/16 20:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/03/08 21:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/17 20:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/16 20:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2011/03/10 13:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\ACAMPREF
[2011/09/15 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\AVG
[2012/01/22 10:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\AVG Secure Search
[2012/01/22 10:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\AVG2012
[2011/11/13 14:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Azureus
[2011/04/02 13:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\CheckPoint
[2009/11/17 19:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/06 23:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\DVDVideoSoft
[2011/06/06 23:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\DVDVideoSoftIEHelpers
[2011/11/12 15:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Epson
[2010/04/08 22:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Facebook
[2012/01/21 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Free Audio Editor
[2011/11/13 15:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\FrostWire
[2011/08/04 22:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Import Audio from Video
[2010/12/21 22:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Jaran Nilsen
[2009/11/16 20:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\KWorld Multimedia
[2010/03/09 19:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\LimeWire
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Magix
[2009/11/16 20:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\MailFrontier
[2011/03/25 23:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Millennia
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\MOVAVI
[2010/02/14 11:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Music Recognition
[2011/01/13 12:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\NCH Swift Sound
[2012/01/13 01:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\PCTools
[2011/06/15 12:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\PriceGong
[2010/10/03 21:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Recordpad
[2010/03/12 15:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\RipIt4Me
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Samsung
[2011/10/21 18:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Serif
[2010/12/01 09:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Softland
[2010/12/28 14:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Sync App Settings
[2012/01/16 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\TestApp
[2011/04/03 23:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Uniblue
[2009/11/16 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Video DVD Maker FREE
[2012/01/24 18:45:15 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/02/17 23:32:03 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2012/01/24 18:25:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/12/19 23:10:18 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/01/14 16:32:06 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\twelvekeysShakeIcon.job
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Documents and Settings\Trevor\Local Settings\Temp\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\Documents and Settings\Trevor\Local Settings\Temp\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Documents and Settings\Trevor\Local Settings\Temp\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 16:25:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 17:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 16:25:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 17:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88333F4A

< End of report >

______________________________________________________________________________________

hopefully these will provide something useful
I will be off the air for a few hours (playing at a gig) but will be back on the air in a few hours.
  • 0


#17
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Any problems (besides the loss of the D partition)? After we clean the infection we'll see what we can do about the D partition.

Step 1

Go to Start then Run... and type (For Vista/7 type this in Start -> Search box):

compmgmt.msc

From the left panel click Disk Management and maximize the window.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • VRT log
It would be helpful if you could post each log in a separate post
  • 0

#18
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi maliprog

Have run compmgmt.msc as per your instructions.

When I clicked on "Disk Management" it opened up a wizard "Welcome to the Initialize and Convert Disk Wizard" - I haven't run it as yet but will await your instructions.

My PC still isn't running properly. I've taken a screenshot of the above and was going to resize it etc. in Photoshop but everything has really slowed right down - 10 minutes to partially open Photoshop etc.

I'll try to reboot after sending this & then try to send you a screen shot.

thanks
  • 0

#19
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Please don't do anything for a little while. Don't run any step I posted above. I need to check something and get back to you as soon as possible.
  • 0

#20
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OK - attached a screenshot of the disk management window anyway

Attached Thumbnails

  • DiskManagement.jpg

  • 0

#21
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Even better. Can you confirm from the picture that Disk0 149.05 GB is your lost D drive?
  • 0

#22
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Yes - that is correct Disk 0 is my missing D drive (based on size)
  • 0

#23
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. I'll check something with Tech guys and get back to you when I get answer. Stay tuned...
  • 0

#24
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OK
  • 0

#25
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Before we continue we need to be really sure.

You said that you only have one hard disk drive with three partitions C, E and D. You lost the D partition.

Can you confirm that you had three partitions lettered C, D and E? For example, is it possible that your partition D is now lettered as E (check your files for this one)?

If you have backup files from the D partition, do you need to recover anything from the D partition?



Thing is that Disk Management shows that you have two physical hard disk drives. One of them has C and E partition and second hard disk is your D drive. That's what we see on your screenshot.

We need to know: are you sure you only have one HDD on your system with three partitions on it?
  • 0


#26
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Sorry - I missed seeing your last post & didn't explain myself clearly.

I have two separate hard drives.
The first is my C drive which had a partition - that was my D drive.

The second HDD was my E drive.

The attached screenshot will show you what I see.

When I open the E: drive, it is my second & separate drive.

When I plug in an external HDD it takes the next available letter - in this case "D"

The "G" drive shown is my USB connected printer.

thanks for your patience

Attached Thumbnails

  • MyComputer.jpg

  • 0

#27
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
forgot to add - I do have a back-up of my D drive but it is a few weeks old so would prefer to get it back however if I can't then I can't.
  • 0

#28
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
After consulting with Tech expert we have one step that might help.

Download TestDisk
This is an advanced tool so please read the Instructions at least two times.

Follow the steps and on Step 5 Quick Search for partitions you should see your lost partition. If this is the case try to list your files and confirm that you are on the right partition (as described in the Instructions).

If you have questions please ask.
  • 0

#29
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OK - I'll give it a go, if I have any questions I'll ask you.

thanks
  • 0

#30
me4ever3131

me4ever3131

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I'm not sure if I've done the right thing.

I've included a screen shot of where I got to.

TestDisk talks about incorrect disk size, checking jumper settings etc. but I haven't been playing around with anything.

thanks

Attached Thumbnails

  • TestDisk1.jpg

  • 0