
Computer restarted and now no .exe file will open [Solved]


This topic is locked

#1 Riodn (Member)

Hello,

Just yesterday my desktop (currently using laptop) randomly restarted and now no .exe files will open. I have run the computer in safe mode and still no luck. I have the following antivirus programs: AVG 2012, Malwarebytes, Super antivirus, and CC cleaner. Oddly enough, CC cleaner and Super antivirus work normally but don't fix any problems. I would say 90% of my programs cannot open. I can run the command prompt and Notepad as well. I tried running TheKiller (renamed as explorer), OTL, Combofix and none of them work because I cannot open .exe files. Any help would be greatly appreciated and thank you for your time.

#2 Riodn (Topic Starter)

Also, I'm using Firefox and that cannot open as well. Again, thank you for reading.

#3 Essexboy (GeekU Moderator, Retired Staff)

Hi there, let's try this version of OTL.

But first, download this .pif file and double-click it to run as normal:
Clean Autorun pif

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

#4 Riodn (Topic Starter)

Hi there,

I downloaded cleanautorun and OTL. However, when I double-click cleanautorun, a box that looks almost like the cmd window pops up for a split second and then nothing happens. I've tried it multiple times and it has been the same result. Additionally, OTL doesn't open either. It appears to be a screensaver? Note: I'm running safe mode while trying to do this. I have tried it on this machine and it appears to be working. I believe the problem is that it runs as if it is a .exe file, which the infected computer cannot run. Thank you for your patience and help.

Edited by Riodn, 19 March 2012 - 02:18 PM.


#5 Essexboy (GeekU Moderator, Retired Staff)

Yes, OTL was masquerading as a screen saver, so that did not run either.

OK, can you create a CD? If so, we will do a quick and dirty fix outside of Windows.

Please print these instructions out so that you know what you are doing.
  • On the clean computer
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Download Scan.txt (attached to this post) to a USB drive
  • Double-click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Reboot your system using the boot CD you just created
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop scan.txt into the Custom scans and fixes box, or double click the scan box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Right-click the file, select Send to, and select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#6 Riodn (Topic Starter)

Thank you for your prompt response.

I'm currently on step 9 and I have a question. How do I know which folder is the infected one? This may sound like a silly question, sorry. Ideally I would like to scan my entire drive (which I've tried, but it doesn't allow it). Thank you again for your help.

#7 Essexboy (GeekU Moderator, Retired Staff)

This is purely an analysis tool with repair functions. The scan will enable me to stop the bad processes and enable .exe functionality, thereby getting into Windows properly.

#8 Riodn (Topic Starter)

Thank you.

Here are the results:

OTL logfile created on: 3/19/2012 3:44:16 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.35 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 614.42 Gb Free Space | 87.96% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.69 Gb Free Space | 99.21% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/26 22:39:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/28 20:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/24 12:38:28 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 05:07:24 | 000,244,960 | ---- | M] () [Disabled] -- D:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2011/10/12 10:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/02 10:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 13:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Disabled] -- D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 10:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 10:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- D:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 10:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- D:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/21 17:59:08 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- D:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 05:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 05:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 05:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 05:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- D:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/24 09:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/11 06:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/16 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/07 16:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2011/08/20 01:42:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000f46d0439b064
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C DF 35 47 FA 5E CC 01 [binary data]
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.jzip.com/
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: D:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 13:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 00:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 18:31:52 | 000,000,000 | ---D | M]

[2012/01/08 03:25:33 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/29 11:31:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/18 00:11:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/23 22:31:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/08 22:21:28 | 000,002,310 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/12 19:27:58 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/01 20:59:52 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/09/30 14:43:02 | 000,002,497 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/02/12 19:27:58 | 000,002,040 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/25 04:33:05 | 000,001,422 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 46.4.179.84 yahoo.com
O1 - Hosts: 212.124.122.156 google.com
O1 - Hosts: 46.4.179.84 myspace.com
O1 - Hosts: 212.124.122.156 msn.com
O1 - Hosts: 46.4.179.84 amazon.com
O1 - Hosts: 212.124.122.156 youtube.com
O1 - Hosts: 46.4.179.84 craigslist.org
O1 - Hosts: 212.124.122.156 wikipedia.org
O1 - Hosts: 46.4.179.110 cnn.com
O1 - Hosts: 46.4.179.84 facebook.com
O1 - Hosts: 46.4.179.110 go.com
O1 - Hosts: 46.4.179.84 live.com
O1 - Hosts: 46.4.179.84 blogger.com
O1 - Hosts: 46.4.179.110 aol.com
O1 - Hosts: 46.4.179.84 microsoft.com
O1 - Hosts: 46.4.179.110 comcast.net
O1 - Hosts: 46.4.179.84 imdb.com
O1 - Hosts: 46.4.179.84 digg.com
O1 - Hosts: 46.4.179.84 flickr.com
O1 - Hosts: 46.4.179.84 Expedia.com
O1 - Hosts: 46.4.179.84 Monster.com
O1 - Hosts: 212.124.122.156 Paypal.com
O1 - Hosts: 46.4.179.84 Weather.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Trixie.Bho) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/26 22:25:24 | 000,000,000 | ---D | M] - D:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - D:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 16:12:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/19 16:12:36 | 000,096,080 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/18 20:08:44 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\Windows 7 Ultimate
[2012/03/18 18:00:00 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\malwar
[2012/03/18 04:33:58 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/18 04:33:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/18 04:33:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/18 04:33:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/18 04:33:30 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/18 04:33:30 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/18 04:08:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\svchost.exe
[2012/03/13 23:04:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/13 06:01:01 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/03/08 22:21:54 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\PDFlite
[2012/03/08 22:21:34 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\BabylonToolbar
[2012/03/08 22:21:27 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Local\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\ProgramData\Babylon
[2012/02/29 02:33:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2012/02/27 12:32:05 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/01/11 22:45:08 | 000,319,488 | ---- | C] (Microsoft Corporation) -- D:\Users\Riodn\AppData\Local\pwv.exe
[2011/02/25 13:59:34 | 004,007,936 | ---- | C] (Flagship Industries, Inc.) -- D:\Program Files (x86)\Ventrilo.exe

========== Files - Modified Within 30 Days ==========

[2012/03/19 17:11:13 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/19 16:02:09 | 3219,791,872 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/18 23:19:17 | 000,623,940 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/18 23:19:17 | 000,106,316 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/18 21:39:00 | 000,000,908 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000UA.job
[2012/03/18 19:07:12 | 009,809,282 | ---- | M] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 16:18:24 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/18 16:17:54 | 000,096,080 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 13:21:51 | 000,489,824 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/18 00:15:02 | 000,002,127 | ---- | M] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/17 23:10:28 | 030,758,216 | ---- | M] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/17 20:26:56 | 001,587,696 | ---- | M] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/17 19:16:12 | 001,410,192 | ---- | M] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/17 19:04:00 | 000,001,278 | ---- | M] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/17 18:53:00 | 000,004,895 | ---- | M] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/17 16:47:51 | 000,002,006 | -H-- | M] () -- D:\Users\Riodn\Documents\Default.rdp
[2012/03/13 03:39:00 | 000,000,856 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000Core.job
[2012/03/13 01:38:47 | 000,000,064 | ---- | M] () -- D:\Windows\SysWow64\rp_stats.dat
[2012/03/13 01:38:47 | 000,000,044 | ---- | M] () -- D:\Windows\SysWow64\rp_rules.dat
[2012/03/12 20:42:25 | 091,606,683 | ---- | M] () -- D:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/11 20:38:36 | 000,298,954 | ---- | M] () -- D:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/11 18:27:03 | 000,000,200 | ---- | M] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:20:04 | 000,000,747 | -H-- | M] () -- D:\IPH.PH
[2012/03/09 18:19:48 | 000,002,012 | ---- | M] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2012/03/08 22:21:52 | 000,001,859 | ---- | M] () -- D:\Users\Public\Desktop\PDFlite.lnk
[2012/03/08 22:21:35 | 000,000,237 | ---- | M] () -- D:\user.js
[2012/02/29 02:33:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/25 04:34:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 12:42:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/19 00:08:44 | 000,002,127 | ---- | C] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/18 23:17:44 | 000,002,600 | ---- | C] () -- D:\Users\Riodn\Desktop\xp_exe_fix.reg
[2012/03/18 23:04:17 | 030,758,216 | ---- | C] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/18 20:29:49 | 001,587,696 | ---- | C] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/18 20:11:55 | 009,809,282 | ---- | C] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 19:09:50 | 001,410,192 | ---- | C] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/18 18:57:32 | 000,001,278 | ---- | C] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/18 18:46:48 | 000,004,895 | ---- | C] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/11 18:27:03 | 000,000,200 | ---- | C] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:19:48 | 000,002,012 | ---- | C] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2012/03/08 22:21:34 | 000,000,237 | ---- | C] () -- D:\user.js
[2012/01/11 22:45:14 | 000,001,508 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\441i16t235626yt7ww818yq
[2012/01/11 22:45:14 | 000,001,508 | -HS- | C] () -- D:\ProgramData\441i16t235626yt7ww818yq
[2012/01/09 01:12:33 | 000,001,478 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\if1877rk0wof43v47i776hb5o6a7ymkgy074skuh4h22vq
[2012/01/09 01:12:33 | 000,001,478 | -HS- | C] () -- D:\ProgramData\if1877rk0wof43v47i776hb5o6a7ymkgy074skuh4h22vq
[2011/12/26 13:35:18 | 000,001,582 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\03627262x6x3
[2011/12/26 13:35:18 | 000,001,582 | -HS- | C] () -- D:\ProgramData\03627262x6x3
[2011/12/24 23:53:46 | 000,000,259 | ---- | C] () -- D:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/16 03:32:52 | 000,001,260 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\4w15jd6w47p677
[2011/12/16 03:32:52 | 000,001,260 | -HS- | C] () -- D:\ProgramData\4w15jd6w47p677
[2011/12/12 04:06:30 | 000,001,380 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\umysuw1q7ayv7vkg0ngl5i520n5t
[2011/12/12 04:06:30 | 000,001,380 | -HS- | C] () -- D:\ProgramData\umysuw1q7ayv7vkg0ngl5i520n5t
[2011/12/04 05:25:11 | 000,001,074 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\w3rl80h3ef3ypw
[2011/12/04 05:25:11 | 000,001,074 | -HS- | C] () -- D:\ProgramData\w3rl80h3ef3ypw
[2011/12/04 02:38:36 | 000,001,272 | -HS- | C] () -- D:\Users\Riodn\AppData\Local\lltbrr2j3xwh5cdk3uyg3v452m4y
[2011/12/04 02:38:36 | 000,001,272 | -HS- | C] () -- D:\ProgramData\lltbrr2j3xwh5cdk3uyg3v452m4y
[2011/08/20 15:16:46 | 000,000,064 | ---- | C] () -- D:\Windows\SysWow64\rp_stats.dat
[2011/08/20 15:16:46 | 000,000,044 | ---- | C] () -- D:\Windows\SysWow64\rp_rules.dat
[2011/08/20 04:06:47 | 000,024,576 | R--- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2011/08/20 04:06:47 | 000,013,440 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/20 04:06:44 | 000,011,832 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/20 04:06:44 | 000,010,216 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/20 04:02:06 | 000,038,211 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/08/20 04:01:25 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/08/20 04:01:23 | 000,030,252 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/08/19 19:28:34 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/07/18 02:54:02 | 000,059,904 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/03 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/08/17 17:53:00 | 000,119,502 | ---- | C] () -- D:\Program Files (x86)\Channel.wav
[2007/08/17 17:48:58 | 000,119,358 | ---- | C] () -- D:\Program Files (x86)\UserComment.wav
[2007/08/08 00:54:58 | 000,154,902 | ---- | C] () -- D:\Program Files (x86)\privchatmsg.wav
[2007/08/08 00:41:16 | 000,073,730 | ---- | C] () -- D:\Program Files (x86)\privchatopen.wav
[2007/07/16 12:57:14 | 000,207,694 | ---- | C] () -- D:\Program Files (x86)\disconnect.wav
[2007/07/16 12:54:06 | 000,148,822 | ---- | C] () -- D:\Program Files (x86)\connect.wav
[2003/02/03 22:47:20 | 000,020,378 | ---- | C] () -- D:\Program Files (x86)\SwitchBindings.wav
[2003/01/31 19:05:46 | 000,023,446 | ---- | C] () -- D:\Program Files (x86)\ChannelLeave.wav
[2003/01/31 19:04:54 | 000,019,444 | ---- | C] () -- D:\Program Files (x86)\ChannelJoin.wav
[2003/01/30 20:38:26 | 000,001,165 | ---- | C] () -- D:\Program Files (x86)\default.vet
[2002/07/22 23:28:14 | 000,025,678 | ---- | C] () -- D:\Program Files (x86)\Binds.wav
[2002/06/05 03:04:22 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyUp.wav
[2002/06/05 03:04:14 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyDown.wav
[2002/06/05 02:25:08 | 000,026,254 | ---- | C] () -- D:\Program Files (x86)\MuteSound.wav
[2002/06/05 02:23:48 | 000,021,742 | ---- | C] () -- D:\Program Files (x86)\MuteMic.wav
[1999/09/02 03:44:58 | 000,057,202 | ---- | C] () -- D:\Program Files (x86)\missing.wav
[1999/08/29 16:31:42 | 000,106,646 | ---- | C] () -- D:\Program Files (x86)\UserConnect.wav
[1999/08/29 16:12:40 | 000,066,266 | ---- | C] () -- D:\Program Files (x86)\UserDisconnect.wav

========== LOP Check ==========

[2011/08/20 01:33:57 | 000,000,000 | ---D | M] -- D:\ProgramData\AIM
[2011/08/20 03:31:39 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/08/30 01:00:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk
[2011/11/19 06:22:03 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG2012
[2012/03/08 22:21:26 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/02/03 00:29:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2011/10/02 13:14:51 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2011/11/19 05:38:18 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2012/03/18 04:04:43 | 000,000,000 | ---D | M] -- D:\ProgramData\DeviceVm
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/03/12 20:42:28 | 000,000,000 | ---D | M] -- D:\ProgramData\MFAData
[2012/03/18 04:06:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/09/05 03:24:44 | 000,000,000 | ---D | M] -- D:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/02/04 04:55:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/09/07 03:46:47 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/11/17 04:25:05 | 000,000,382 | ---- | M] () -- D:\Windows\Tasks\At1.job
[2012/03/09 14:53:32 | 000,032,624 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/03/17 04:30:14 | 004,438,697 | ---- | M] (Swearware) MD5=22FF84799934BA506E253C0C785063CA -- D:\Users\Riodn\Desktop\malwar\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/03/17 17:31:18 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) MD5=68A2BFF920C4D32644F97942756FB2B4 -- D:\Users\Riodn\Desktop\USB drive\malwar\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- D:\Windows\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 18:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- D:\Windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- D:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 18:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{73AB3188-3213-42F3-B7E2-74ADE39B582E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 03 01 01 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/18 00:11:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/18 00:11:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

Invalid Environment Variable: %Temp%\smtmp\1\*.*

Invalid Environment Variable: %Temp%\smtmp\2\*.*

Invalid Environment Variable: %Temp%\smtmp\3\*.*

Invalid Environment Variable: %Temp%\smtmp\4\*.*

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> D:\ProgramData\TEMP:DFC5A2B2
< End of report >
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached fix.txt to a USB drive
[attachment=56716:fix.txt]
Place the USB drive in the affected system
From the Reatogo desktop
Run OTL
Press the run fix button
A dialogue will ask for the location of fix.txt
Navigate to the USB drive and select fix.txt
Press run fix again

Once it has completed reboot to normal windows and run Malwarebytes
  • 0

#10
Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
When I load the "run fix" with the downloaded file, it inputs the text into the custom scans/fixes. But when I try to click "run fix" again to rerun, nothing happens. The program is running normally; it appears not to be responding to the "run fix". I followed the steps as described, perhaps I'm doing something wrong? Thank you again for all your help. Note: I also cannot navigate to the USB drive via OTLPE. It states the following: "access violation at address 7CA0C936 in module 'shell32.dll'. Read of address 00000006." So instead what I did was just drag it to a folder where OTLPE would accept it.

Edited by Riodn, 19 March 2012 - 04:15 PM.

  • 0


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you close OTLPE

Copy the fix text to the desktop
Reopen OTL
Open the fix.txt and copy/paste the details to the custom scan and fixes box
Then press run fix
  • 0

#12
Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I completed the fix run and booted in normal mode. However, the same problem still exists. I open Malwarebytes but there is no response. Also, something else to note that happened when all of this occurred: at the bottom right corner it states "Windows 7 Build 7601 This copy of windows is not genuine". This only happened after I tried to do a system restore to about a week ago as a response to this problem of not being able to open .exe files/Internet, and it is the first time it's happened. The Windows 7 that I have is legit. Just thought I'd share that with you as it may or may not have any effect. Thank you.

Edited by Riodn, 19 March 2012 - 04:29 PM.

  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reboot to the Reatogo desktop again, paste the following in the custom scans box and press run scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution /s

Then post the resultant log here

We will look at re-registering windows later
  • 0

#14
Riodn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here are the results:

OTL logfile created on: 3/19/2012 4:38:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.35 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 614.41 Gb Free Space | 87.96% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/26 22:39:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/28 20:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/24 12:38:28 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 05:07:24 | 000,244,960 | ---- | M] () [Disabled] -- D:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2011/10/12 10:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/02 10:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 13:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Disabled] -- D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 10:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 10:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- D:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 10:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- D:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/21 17:59:08 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- D:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 05:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 05:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 05:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 05:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- D:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/24 09:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/11 06:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/16 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/07 16:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2011/08/20 01:42:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000f46d0439b064
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C DF 35 47 FA 5E CC 01 [binary data]
IE - HKU\Riodn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.jzip.com/
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Riodn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: D:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 13:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 00:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 18:31:52 | 000,000,000 | ---D | M]

[2012/01/08 03:25:33 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/29 11:31:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/18 00:11:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/23 22:31:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 19:27:58 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/01 20:59:52 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/09/30 14:43:02 | 000,002,497 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/02/12 19:27:58 | 000,002,040 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/19 16:19:08 | 000,000,098 | ---- | M]) - D:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Trixie.Bho) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - D:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/26 22:25:24 | 000,000,000 | ---D | M] - D:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - D:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 16:12:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/19 16:12:36 | 000,096,080 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/19 16:06:49 | 000,000,000 | ---D | C] -- D:\_OTL
[2012/03/18 20:08:44 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\Windows 7 Ultimate
[2012/03/18 18:00:00 | 000,000,000 | ---D | C] -- D:\Users\Riodn\Desktop\malwar
[2012/03/18 04:33:58 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/18 04:33:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/18 04:33:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/18 04:33:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/18 04:33:30 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/18 04:33:30 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/18 04:08:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\svchost.exe
[2012/03/13 23:04:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/13 06:01:01 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/03/08 22:21:54 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\PDFlite
[2012/03/08 22:21:34 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\BabylonToolbar
[2012/03/08 22:21:27 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Local\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\Users\Riodn\AppData\Roaming\Babylon
[2012/03/08 22:21:26 | 000,000,000 | ---D | C] -- D:\ProgramData\Babylon
[2012/02/29 02:33:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight
[2012/02/29 02:33:52 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2012/02/27 12:32:05 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/02/25 13:59:34 | 004,007,936 | ---- | C] (Flagship Industries, Inc.) -- D:\Program Files (x86)\Ventrilo.exe

========== Files - Modified Within 30 Days ==========

[2012/03/19 19:21:49 | 3219,791,872 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/19 18:32:19 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/18 23:19:17 | 000,623,940 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/18 23:19:17 | 000,106,316 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/18 21:39:00 | 000,000,908 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000UA.job
[2012/03/18 19:07:12 | 009,809,282 | ---- | M] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 16:18:24 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Users\Riodn\Desktop\OTL.scr
[2012/03/18 16:17:54 | 000,096,080 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\Riodn\Desktop\cleanautorun.pif
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 14:20:45 | 000,020,848 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 13:21:51 | 000,489,824 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/18 00:15:02 | 000,002,127 | ---- | M] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/17 23:10:28 | 030,758,216 | ---- | M] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/17 20:26:56 | 001,587,696 | ---- | M] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/17 19:16:12 | 001,410,192 | ---- | M] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/17 19:04:00 | 000,001,278 | ---- | M] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/17 18:53:00 | 000,004,895 | ---- | M] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/17 16:47:51 | 000,002,006 | -H-- | M] () -- D:\Users\Riodn\Documents\Default.rdp
[2012/03/13 03:39:00 | 000,000,856 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-428103201-108540113-2459031241-1000Core.job
[2012/03/13 01:38:47 | 000,000,064 | ---- | M] () -- D:\Windows\SysWow64\rp_stats.dat
[2012/03/13 01:38:47 | 000,000,044 | ---- | M] () -- D:\Windows\SysWow64\rp_rules.dat
[2012/03/12 20:42:25 | 091,606,683 | ---- | M] () -- D:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/11 20:38:36 | 000,298,954 | ---- | M] () -- D:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/11 18:27:03 | 000,000,200 | ---- | M] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:20:04 | 000,000,747 | -H-- | M] () -- D:\IPH.PH
[2012/03/09 18:19:48 | 000,002,012 | ---- | M] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2012/03/08 22:21:52 | 000,001,859 | ---- | M] () -- D:\Users\Public\Desktop\PDFlite.lnk
[2012/02/29 02:33:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/25 04:34:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 12:42:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/19 00:08:44 | 000,002,127 | ---- | C] () -- D:\Users\Riodn\Desktop\win7-regfix.reg
[2012/03/18 23:17:44 | 000,002,600 | ---- | C] () -- D:\Users\Riodn\Desktop\xp_exe_fix.reg
[2012/03/18 23:04:17 | 030,758,216 | ---- | C] () -- D:\Users\Riodn\Desktop\winzip16-32.exe
[2012/03/18 20:29:49 | 001,587,696 | ---- | C] () -- D:\Users\Riodn\Desktop\SetupVirtualCloneDrive5450.exe
[2012/03/18 20:11:55 | 009,809,282 | ---- | C] () -- D:\Users\Riodn\Desktop\Windows 7 Loader.zip
[2012/03/18 19:09:50 | 001,410,192 | ---- | C] () -- D:\Users\Riodn\Desktop\sar_15_sfx.exe
[2012/03/18 18:57:32 | 000,001,278 | ---- | C] () -- D:\Users\Riodn\Desktop\fixrun.reg
[2012/03/18 18:46:48 | 000,004,895 | ---- | C] () -- D:\Users\Riodn\Desktop\EXEFix.Reg
[2012/03/11 18:27:03 | 000,000,200 | ---- | C] () -- D:\Users\Riodn\Documents\acad.err
[2012/03/09 18:19:48 | 000,002,012 | ---- | C] () -- D:\Users\Riodn\Desktop\Retry AIM Installation.lnk
[2011/12/24 23:53:46 | 000,000,259 | ---- | C] () -- D:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/20 15:16:46 | 000,000,064 | ---- | C] () -- D:\Windows\SysWow64\rp_stats.dat
[2011/08/20 15:16:46 | 000,000,044 | ---- | C] () -- D:\Windows\SysWow64\rp_rules.dat
[2011/08/20 04:06:47 | 000,024,576 | R--- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2011/08/20 04:06:47 | 000,013,440 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/20 04:06:44 | 000,011,832 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/20 04:06:44 | 000,010,216 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/20 04:02:06 | 000,038,211 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/08/20 04:01:25 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/08/20 04:01:23 | 000,030,252 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/08/19 19:28:34 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/07/18 02:54:02 | 000,059,904 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/03 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/08/17 17:53:00 | 000,119,502 | ---- | C] () -- D:\Program Files (x86)\Channel.wav
[2007/08/17 17:48:58 | 000,119,358 | ---- | C] () -- D:\Program Files (x86)\UserComment.wav
[2007/08/08 00:54:58 | 000,154,902 | ---- | C] () -- D:\Program Files (x86)\privchatmsg.wav
[2007/08/08 00:41:16 | 000,073,730 | ---- | C] () -- D:\Program Files (x86)\privchatopen.wav
[2007/07/16 12:57:14 | 000,207,694 | ---- | C] () -- D:\Program Files (x86)\disconnect.wav
[2007/07/16 12:54:06 | 000,148,822 | ---- | C] () -- D:\Program Files (x86)\connect.wav
[2003/02/03 22:47:20 | 000,020,378 | ---- | C] () -- D:\Program Files (x86)\SwitchBindings.wav
[2003/01/31 19:05:46 | 000,023,446 | ---- | C] () -- D:\Program Files (x86)\ChannelLeave.wav
[2003/01/31 19:04:54 | 000,019,444 | ---- | C] () -- D:\Program Files (x86)\ChannelJoin.wav
[2003/01/30 20:38:26 | 000,001,165 | ---- | C] () -- D:\Program Files (x86)\default.vet
[2002/07/22 23:28:14 | 000,025,678 | ---- | C] () -- D:\Program Files (x86)\Binds.wav
[2002/06/05 03:04:22 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyUp.wav
[2002/06/05 03:04:14 | 000,001,174 | ---- | C] () -- D:\Program Files (x86)\MicKeyDown.wav
[2002/06/05 02:25:08 | 000,026,254 | ---- | C] () -- D:\Program Files (x86)\MuteSound.wav
[2002/06/05 02:23:48 | 000,021,742 | ---- | C] () -- D:\Program Files (x86)\MuteMic.wav
[1999/09/02 03:44:58 | 000,057,202 | ---- | C] () -- D:\Program Files (x86)\missing.wav
[1999/08/29 16:31:42 | 000,106,646 | ---- | C] () -- D:\Program Files (x86)\UserConnect.wav
[1999/08/29 16:12:40 | 000,066,266 | ---- | C] () -- D:\Program Files (x86)\UserDisconnect.wav

========== LOP Check ==========

[2011/08/20 01:33:57 | 000,000,000 | ---D | M] -- D:\ProgramData\AIM
[2011/08/20 03:31:39 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/08/30 01:00:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk
[2011/11/19 06:22:03 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG2012
[2012/03/08 22:21:26 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/02/03 00:29:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2011/10/02 13:14:51 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2011/11/19 05:38:18 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2012/03/18 04:04:43 | 000,000,000 | ---D | M] -- D:\ProgramData\DeviceVm
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/03/12 20:42:28 | 000,000,000 | ---D | M] -- D:\ProgramData\MFAData
[2012/03/18 04:06:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/09/05 03:24:44 | 000,000,000 | ---D | M] -- D:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/02/04 04:55:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/09/07 03:46:47 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/09 14:53:32 | 000,032,624 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> D:\ProgramData\TEMP:DFC5A2B2
< End of report >
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, there appears to be something seriously amiss here.

The previous fix failed to execute

So I will now go for a Virus scan using a boot cd

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install ImgBurn
  • Double click Dr Web
  • ImgBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed, reboot to normal Windows
  • No log is produced, so once in normal Windows run a fresh OTL scan and let me know if the problems persist

  • 0
