
RootKit detected - possibly Sinowal or similar



#1
numinous

Hi, I need some help with removing some nasty malware. I ran a scan using Avast! antivirus and it detected "Win32:MBRoot-J [Trj]" but hasn't been able to remove it. When I schedule a boot time scan and click restart computer it goes to a "blue screen of death". I have been able to get it to run a boot time scan and it detected problems in a number of iTunes files. Also iTunes crashes regularly, primarily during sync with my iPod (iPod syncs fine on other computers).

Thanks in advance for any help with this problem.




The following is my OTL log:



OTL logfile created on: 3/26/2012 12:57:11 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aysh\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.60% Memory free
3.85 Gb Paging File | 2.80 Gb Available in Paging File | 72.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 48.14 Gb Free Space | 20.67% Space Free | Partition Type: NTFS

Computer Name: AYSH-0F1CB01EF1 | User Name: Aysh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
PRC - [2012/03/20 16:38:05 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 10:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/07 10:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/30 08:25:13 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/03 11:21:08 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2008/06/16 02:02:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/04/15 11:31:54 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/26 04:46:55 | 001,749,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032501\algo.dll
MOD - [2012/03/20 16:38:00 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/06 16:30:10 | 000,085,288 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko11.dll
MOD - [2012/02/25 08:59:13 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/31 08:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/11/04 01:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll
MOD - [2007/12/07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/07 10:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ougqkqs6_.sys -- (ougqkqs6_.sys)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/26 00:38:12 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/03/07 10:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 10:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/07 09:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/02 15:18:58 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/11/02 15:18:58 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/02/01 09:48:00 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/30 17:34:39 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/02/24 20:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/11/06 11:36:48 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/05/11 10:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/06/16 01:58:00 | 000,476,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/06/16 01:58:00 | 000,250,240 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/05/07 21:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/15 21:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2007/02/16 10:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/13 19:02:22 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C0-E139515991ED
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{D6B37BB2-DA87-4909-A924-16CB25029C49}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Aysh\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/30 08:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/21 16:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 16:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/27 08:19:34 | 000,000,000 | ---D | M]

[2009/12/24 16:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions
[2009/12/11 21:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions\[email protected]
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions
[2011/07/11 20:50:20 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/16 10:35:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/08 07:56:48 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/07 16:26:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]
[2012/02/21 17:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/21 16:25:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/20 16:38:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/21 17:04:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 17:04:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [GEST] m‘|\ü File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Where's Wally OLR] C:\PROGRA~1\AVANQU~1\OLR\WHERE'~1\BVRPOlr.exe /Where's Wally File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Aysh\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8 - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8 - Extra context menu item: &GetGo Toolbar Search - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aysh\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...o.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://cdn3.zone.msn...k.cab102118.cab (MSN Games – Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B04AEC4-671D-47B1-9E67-D4A9A955AA5E}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5D67C0B-290C-4053-AEB0-5E70806ECB4F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D665C71E-59D4-442F-B896-361C5B038FB1}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/04 17:34:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\Shell\AutoRun\command - "" = G:\uxkl0apt.bat
O33 - MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\Shell\open\Command - "" = G:\uxkl0apt.bat
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 13:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/03/26 11:50:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aysh\Desktop\aswMBR.exe
[2012/03/26 11:49:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/26 00:47:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/26 00:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\Avira
[2012/03/26 00:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/26 00:22:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/03/26 00:22:28 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/03/26 00:22:28 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/03/26 00:22:28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/03/26 00:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/03/26 00:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/03/24 00:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/24 00:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/24 00:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/24 00:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/24 00:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/22 20:12:18 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/03/22 20:12:01 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/03/22 20:12:00 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/22 20:11:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/03/22 20:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/03/22 16:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Local Settings\Application Data\Threat Expert
[2012/03/22 12:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/22 12:12:56 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/22 12:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/22 12:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/22 12:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2012/03/22 11:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2012/03/22 11:08:02 | 000,000,000 | ---D | C] -- C:\6f59402a068194da5b260530ce860218
[2012/03/21 22:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\Malwarebytes
[2012/03/21 22:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/21 22:06:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/21 22:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/21 22:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/21 16:25:49 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/21 16:25:49 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/21 16:25:46 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/21 16:25:46 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/21 16:25:45 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/21 16:25:44 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/21 16:25:44 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/21 16:25:43 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/21 16:25:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/21 16:25:08 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/20 22:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/20 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/17 18:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VSO
[2012/03/17 18:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ConverterLite
[2012/03/17 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConverterLite
[2012/03/16 13:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2012/03/14 18:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/14 18:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/14 18:39:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/03/13 11:40:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aysh\Recent
[2012/03/13 11:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/13 11:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/09 12:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012/03/09 12:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2012/03/09 08:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\PriceGong
[2012/03/05 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\My Documents\GrayMatter
[2012/03/05 08:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IMVU_Inc
[2012/02/29 11:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/02/28 08:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 13:07:35 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job
[2012/03/26 12:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/26 11:52:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aysh\Desktop\aswMBR.exe
[2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/26 03:39:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 00:36:08 | 000,000,396 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/03/26 00:35:43 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}
[2012/03/26 00:35:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/03/26 00:35:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 00:22:51 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/25 23:39:34 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/03/25 22:49:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/25 18:54:45 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012/03/25 18:33:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/24 00:34:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/24 00:32:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/22 20:12:00 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/22 20:03:36 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/03/22 16:25:09 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/22 12:14:44 | 000,685,530 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/21 09:35:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/03/20 18:52:02 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/19 20:52:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2012/03/19 12:47:40 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/17 18:52:46 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 17:54:17 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:54:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 11:40:27 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Microsoft PhotoDraw V2.lnk
[2012/03/13 10:15:08 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{D665C71E-59D4-442F-B896-361C5B038FB1}
[2012/03/07 10:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/07 10:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/07 10:04:25 | 000,112,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/07 10:03:23 | 000,196,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/07 10:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/07 09:44:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/03/06 21:40:26 | 001,044,169 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf
[2012/02/29 18:25:47 | 000,407,320 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Arts Council Parent Letter 2012.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/26 00:22:51 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/25 23:39:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012/03/25 22:49:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/24 00:34:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/24 00:11:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/24 00:11:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/22 20:03:36 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/03/22 12:13:31 | 000,685,530 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/21 22:00:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/20 18:52:02 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/17 18:52:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 10:51:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 12:14:03 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/06 21:40:08 | 001,044,169 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf
[2012/02/29 18:25:44 | 000,407,320 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\Arts Council Parent Letter 2012.pdf
[2012/02/27 08:19:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/16 13:11:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 10:10:32 | 000,000,084 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2011/11/02 15:18:58 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/02 15:18:58 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/10/13 18:14:05 | 000,000,618 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2011/07/29 22:27:59 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/27 21:31:24 | 000,092,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/01 16:03:11 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/11 12:21:11 | 000,139,554 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/01/11 12:21:11 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/11/17 15:43:29 | 000,052,188 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/06 10:47:08 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2010/11/06 10:47:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/10/14 22:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/09/02 14:51:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/02 14:51:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/02 14:51:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\$_hpcst$.hpc
[2010/09/02 14:47:59 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2010/09/02 14:47:59 | 000,013,752 | ---- | C] () -- C:\Program Files\0x0809.ini
[2010/09/02 14:47:57 | 104,050,688 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi

========== LOP Check ==========

[2012/02/18 12:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/07/05 04:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2012/03/20 22:26:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/01 09:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/24 16:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/07/29 22:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2012/03/22 16:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/06 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/02 14:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/10/30 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios
[2010/02/24 21:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/10 20:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/06/29 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/12 17:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/03/22 16:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/06 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/19 13:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/20 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Azureus
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Colibri Games
[2012/03/17 13:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/13 11:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\DAEMON Tools Lite
[2011/01/01 07:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Digiarty
[2012/03/14 18:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/17 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2008/07/04 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leadertech
[2011/07/29 22:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo Video2iPod v2
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Ludia
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Moyea
[2009/12/15 13:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NCH Swift Sound
[2008/07/05 17:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NetMedia Providers
[2011/06/08 21:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Opera
[2010/09/02 14:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\PC Suite
[2012/03/09 08:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\PriceGong
[2012/03/09 12:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2008/07/05 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Publish Providers
[2009/11/06 11:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Recordpad
[2010/09/02 15:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Samsung
[2008/07/05 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony
[2011/07/11 21:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony Online Entertainment
[2012/03/22 12:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2011/07/12 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Unity
[2012/03/26 13:07:35 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:24EC51386CA87F00
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38020A20
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

And the following is the "extras.txt" log as well:

OTL Extras logfile created on: 3/26/2012 12:57:11 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aysh\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.60% Memory free
3.85 Gb Paging File | 2.80 Gb Available in Paging File | 72.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 48.14 Gb Free Space | 20.67% Space Free | Partition Type: NTFS

Computer Name: AYSH-0F1CB01EF1 | User Name: Aysh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Documents and Settings\Aysh\Local Settings\Temp\~os1E7.tmp\rlvknlg.exe" = C:\Documents and Settings\Aysh\Local Settings\Temp\~os1E7.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A9B05B4-D982-4375-A6B3-1117E576FC9C}" = Freddi Fish - Kelp Seed Mystery
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{433B30F1-3B10-4DDD-8975-C891C56BF992}" = PENTAX Digital Camera Utility 4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWA-110
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0520.1
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8113B2B8-EC59-4BE8-963A-FBC5EC40B1CF}_is1" = Pod to PC version 3.106
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111408453}" = Super TextTwist
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0E65B9-B525-43C0-A2C9-5D73D24ADB80}" = Miro Video Converter
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A74C1699-4BCE-433F-82D6-F11207A0581B}" = Sony ACID Music Studio 7.0
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBB2C1EF-1A54-428B-891D-AB2B5784F972}" = Blackjack Card Counter
"{C01D0FDE-B528-4161-8BF8-8B84638F81FF}_is1" = Leawo iPod Video Converter version 4.0.0.0
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AudibleManager" = AudibleManager
"avast" = avast! Internet Security
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"ConverterLite" = ConverterLite 1.1.1
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dance 6" = Dance 6
"Diego`s Dinosaur Adventure" = Diego`s Dinosaur Adventure (remove only)
"Diego's Dinosaur Adventure" = Diego's Dinosaur Adventure
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.0.9.2 (12/05/2011) Qt
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"EOS Utility" = Canon Utilities EOS Utility
"Gray Matter_is1" = Gray Matter
"Hip Hop 5" = Hip Hop 5
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Basic)
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP3MyMP3_is1" = MP3MyMP3 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"pepakura_designer3en" = Pepakura Designer 3
"pepakura_viewer3en" = Pepakura Viewer 3
"PhotoStitch" = Canon Utilities PhotoStitch
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Scholastic's I SPY Fun House" = Scholastic's I SPY Fun House
"Shop for HP Supplies" = Shop for HP Supplies
"Shopping Cart 3" = Shopping Cart 3
"The Haptek Player" = The Haptek Player
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"Where's Wally The Fantastic Journey" = Where's Wally The Fantastic Journey 1.5.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.13.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"MP3MyMP3 3.0" = MP3MyMP3 3.0
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2012 5:10:57 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 3/25/2012 5:10:57 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 3/25/2012 5:10:57 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 3/25/2012 5:10:57 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 3/25/2012 5:16:33 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Application Error | ID = 1000
Description = Faulting application AppleMobileDeviceService.exe, version 17.89.0.12,
faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3.

Error - 3/25/2012 8:53:59 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Application Error | ID = 1000
Description = Faulting application AppleMobileDeviceService.exe, version 17.89.0.12,
faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3.

Error - 3/25/2012 10:54:05 PM | Computer Name = AYSH-0F1CB01EF1 | Source = Application Hang | ID = 1002
Description = Hanging application avcenter.exe, version 12.1.0.18, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2012 10:54:06 PM | Computer Name = AYSH-0F1CB01EF1 | Source = Application Hang | ID = 1002
Description = Hanging application avcenter.exe, version 12.1.0.18, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2012 11:09:48 PM | Computer Name = AYSH-0F1CB01EF1 | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(58:b0:35:4e:fe:89@fe80::5ab0:35ff:fe4e:fe89._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 3/25/2012 11:11:13 PM | Computer Name = AYSH-0F1CB01EF1 | Source = Application Error | ID = 1000
Description = Faulting application AppleMobileDeviceService.exe, version 17.89.0.12,
faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3.

[ System Events ]
Error - 3/25/2012 4:34:17 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/25/2012 4:34:17 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/25/2012 4:35:39 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/25/2012 4:39:14 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7034
Description = The ANIWZCSd Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/25/2012 4:56:08 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/25/2012 5:09:01 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/25/2012 5:16:48 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/25/2012 8:54:10 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/25/2012 10:37:40 AM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/25/2012 11:11:29 PM | Computer Name = AYSH-0F1CB01EF1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello numinous and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
numinous

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi GLeobas, thank you for responding.

Quick update since my post: I guess I was impatient in waiting for a response, so I went about reading other posts on this forum to see if I could find a similar issue and what the solution was; thusly I ended up downloading and running TDSSKiller. It APPEARS to have caught the rootkit and removed it. I am no longer getting the "blue screen of death" when Avast! attempts to restart the computer to perform a boot-time scan, and the last full system scan I performed came back clean. Also, my problems with iTunes appear to have been resolved and my iPod syncs without crashing iTunes.

I apologise if this makes your job harder or caused you to waste time reviewing the log I previously posted.

If you would like me to post any new logs for you to look over to help me verify whether the trojan has indeed been eradicated or whether any other viruses are present, I would still very much appreciate your assistance.

Thank you again.

Edited by numinous, 27 March 2012 - 05:53 AM.


#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please run OTL again and post a new log.

#5
numinous

    New Member

  • Topic Starter
  • Member
  • 7 posts
New OTL logs

OTL logfile created on: 3/28/2012 8:26:27 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aysh\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.89% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 47.76 Gb Free Space | 20.51% Space Free | Partition Type: NTFS

Computer Name: AYSH-0F1CB01EF1 | User Name: Aysh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 17:15:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
PRC - [2012/03/20 16:38:05 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 10:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/07 10:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/03 11:21:08 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2008/06/16 02:02:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/04/15 11:31:54 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/27 22:47:27 | 001,749,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032701\algo.dll
MOD - [2012/03/27 18:39:57 | 001,749,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032700\algo.dll
MOD - [2012/03/20 16:38:00 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/06 16:30:10 | 000,085,288 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko11.dll
MOD - [2012/02/25 08:59:13 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/04 01:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll
MOD - [2007/12/07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/07 10:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ougqkqs6_.sys -- (ougqkqs6_.sys)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/27 23:28:34 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/03/07 10:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 10:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/07 09:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/11/02 15:18:58 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/11/02 15:18:58 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/02/01 09:48:00 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/03/30 17:34:39 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/02/24 20:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/11/06 11:36:48 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/05/11 10:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/06/16 01:58:00 | 000,476,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/06/16 01:58:00 | 000,250,240 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/05/07 21:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/15 21:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2007/02/16 10:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/13 19:02:22 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C0-E139515991ED
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{D6B37BB2-DA87-4909-A924-16CB25029C49}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Aysh\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/27 17:15:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/21 16:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 16:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/27 17:16:21 | 000,000,000 | ---D | M]

[2009/12/24 16:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions
[2009/12/11 21:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions\[email protected]
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions
[2011/07/11 20:50:20 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/16 10:35:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/08 07:56:48 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/07 16:26:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]
[2012/02/21 17:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/21 16:25:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/20 16:38:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/21 17:04:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 17:04:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [GEST] m‘|\ü File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Where's Wally OLR] C:\PROGRA~1\AVANQU~1\OLR\WHERE'~1\BVRPOlr.exe /Where's Wally File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Aysh\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8 - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8 - Extra context menu item: &GetGo Toolbar Search - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aysh\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...o.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://cdn3.zone.msn...k.cab102118.cab (MSN Games – Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B04AEC4-671D-47B1-9E67-D4A9A955AA5E}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5D67C0B-290C-4053-AEB0-5E70806ECB4F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D665C71E-59D4-442F-B896-361C5B038FB1}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/04 17:34:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\Shell\AutoRun\command - "" = G:\uxkl0apt.bat
O33 - MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\Shell\open\Command - "" = G:\uxkl0apt.bat
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/26 21:50:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/26 21:46:37 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aysh\Desktop\tdsskiller.exe
[2012/03/26 16:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/03/26 13:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/03/26 11:49:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/26 00:47:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/24 00:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/24 00:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/24 00:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/24 00:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/24 00:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/22 20:12:18 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/03/22 20:12:01 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/03/22 20:12:00 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/22 20:11:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/03/22 20:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/03/22 16:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Local Settings\Application Data\Threat Expert
[2012/03/22 12:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/22 12:12:56 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/22 12:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/22 12:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/22 12:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2012/03/22 11:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2012/03/22 11:08:02 | 000,000,000 | ---D | C] -- C:\6f59402a068194da5b260530ce860218
[2012/03/21 22:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\Malwarebytes
[2012/03/21 22:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/21 16:25:49 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/21 16:25:49 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/21 16:25:46 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/21 16:25:46 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/21 16:25:45 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/21 16:25:44 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/21 16:25:44 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/21 16:25:43 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/21 16:25:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/21 16:25:08 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/20 22:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/20 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/17 18:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VSO
[2012/03/17 18:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ConverterLite
[2012/03/17 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConverterLite
[2012/03/16 13:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2012/03/14 18:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/14 18:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/14 18:39:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/03/13 11:40:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aysh\Recent
[2012/03/13 11:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/13 11:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/09 12:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012/03/09 12:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2012/03/09 08:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\PriceGong
[2012/03/05 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\My Documents\GrayMatter
[2012/03/05 08:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IMVU_Inc
[2012/02/29 11:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/02/28 08:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/28 08:24:26 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job
[2012/03/28 07:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/28 03:39:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/27 23:28:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/03/27 23:28:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/03/27 23:27:30 | 000,000,396 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/03/27 23:27:26 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}
[2012/03/27 23:27:18 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012/03/27 23:26:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 17:15:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/03/26 21:47:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aysh\Desktop\tdsskiller.exe
[2012/03/26 15:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/25 23:39:34 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/03/25 22:49:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/25 18:33:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/24 00:34:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/22 20:12:00 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/22 20:03:36 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/03/22 16:25:09 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/22 12:14:44 | 000,685,530 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/20 18:52:02 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/19 20:52:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2012/03/19 12:47:40 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/17 18:52:46 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 17:54:17 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:54:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 11:40:27 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Microsoft PhotoDraw V2.lnk
[2012/03/13 10:15:08 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{D665C71E-59D4-442F-B896-361C5B038FB1}
[2012/03/07 10:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/07 10:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/07 10:04:25 | 000,112,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/07 10:03:23 | 000,196,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/07 10:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/07 09:44:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/03/06 21:40:26 | 001,044,169 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf
[2012/02/29 18:25:47 | 000,407,320 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Arts Council Parent Letter 2012.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 23:39:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012/03/25 22:49:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/24 00:34:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/24 00:11:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/24 00:11:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/22 20:03:36 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/03/22 12:13:31 | 000,685,530 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/21 22:00:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/20 18:52:02 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/17 18:52:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 10:51:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 12:14:03 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/06 21:40:08 | 001,044,169 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf
[2012/02/29 18:25:44 | 000,407,320 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\Arts Council Parent Letter 2012.pdf
[2012/02/16 13:11:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 10:10:32 | 000,000,084 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2011/11/02 15:18:58 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/02 15:18:58 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/10/13 18:14:05 | 000,000,618 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2011/07/29 22:27:59 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/27 21:31:24 | 000,092,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/01 16:03:11 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/11 12:21:11 | 000,139,554 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/01/11 12:21:11 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/11/17 15:43:29 | 000,052,188 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/06 10:47:08 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2010/11/06 10:47:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/10/14 22:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/09/02 14:51:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/02 14:51:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/02 14:51:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\$_hpcst$.hpc
[2010/09/02 14:47:59 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2010/09/02 14:47:59 | 000,013,752 | ---- | C] () -- C:\Program Files\0x0809.ini
[2010/09/02 14:47:57 | 104,050,688 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi

========== LOP Check ==========

[2012/02/18 12:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/07/05 04:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2012/03/20 22:26:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/01 09:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/24 16:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/07/29 22:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2012/03/22 16:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/06 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/02 14:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/10/30 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios
[2010/02/24 21:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/10 20:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/06/29 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/12 17:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/03/22 16:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/06 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/19 13:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/20 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Azureus
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Colibri Games
[2012/03/17 13:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/13 11:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\DAEMON Tools Lite
[2011/01/01 07:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Digiarty
[2012/03/14 18:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/17 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2008/07/04 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leadertech
[2011/07/29 22:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo Video2iPod v2
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Ludia
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Moyea
[2009/12/15 13:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NCH Swift Sound
[2008/07/05 17:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NetMedia Providers
[2011/06/08 21:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Opera
[2010/09/02 14:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\PC Suite
[2012/03/09 08:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\PriceGong
[2012/03/09 12:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2008/07/05 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Publish Providers
[2009/11/06 11:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Recordpad
[2010/09/02 15:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Samsung
[2008/07/05 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony
[2011/07/11 21:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony Online Entertainment
[2012/03/22 12:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2011/07/12 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Unity
[2012/03/28 08:24:26 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:24EC51386CA87F00
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38020A20
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ougqkqs6_.sys -- (ougqkqs6_.sys)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C0-E139515991ED
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&q="
    [2012/03/08 07:56:48 | 000,000,000 | ---D | M] (IMVU Inc  Community  Toolbar) -- C:\Documents and  Settings\Aysh\Application  Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    [2012/03/20 20:14:16 | 000,000,000 | ---D | M] (Vuze Remote  Community  Toolbar) -- C:\Documents and  Settings\Aysh\Application  Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/05/07 16:26:44 | 000,000,000 | ---D | M] (Conduit Engine)  --  C:\Documents and  Settings\Aysh\Application  Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O33 - MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\Shell\AutoRun\command - "" = G:\uxkl0apt.bat
    O33 - MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\Shell\open\Command - "" = G:\uxkl0apt.bat
    [2012/03/09 08:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\PriceGong
    [2012/02/28 08:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#7
numinous

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thanks for all your help so far. Here are the two logs you requested:

~~~OTL log~~~


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
========== OTL ==========
Service ougqkqs6_.sys stopped successfully!
Service ougqkqs6_.sys deleted successfully!
File C:\WINDOWS\system32\drivers\ougqkqs6_.sys not found.
Service xpsec stopped successfully!
Service xpsec deleted successfully!
File C:\WINDOWS\system32\drivers\xpsec.sys not found.
Service xcpip stopped successfully!
Service xcpip deleted successfully!
File C:\WINDOWS\system32\drivers\xcpip.sys not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
Folder C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\ not found.
Folder C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Folder C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\ not found.
File G:\uxkl0apt.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4925ab4-7f05-11de-8d01-001fd05f34c9}\ not found.
File G:\uxkl0apt.bat not found.
C:\Documents and Settings\Aysh\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Aysh\Application Data\PriceGong folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 115003 bytes

User: All Users

User: Aysh
->Temp folder emptied: 200949705 bytes
->Temporary Internet Files folder emptied: 143461075 bytes
->Java cache emptied: 1837099 bytes
->FireFox cache emptied: 254810006 bytes
->Flash cache emptied: 54040 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 4073289 bytes
->Flash cache emptied: 434 bytes

User: NetworkService
->Temp folder emptied: 17748 bytes
->Temporary Internet Files folder emptied: 47280215 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 3590161 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48863386 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 186526182 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 64430114 bytes

Total Files Cleaned = 914.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Aysh
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03292012_124519

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Aysh\Local Settings\Temporary Internet Files\Content.IE5\UAT17PXH\ADSAdClient31[4].txt not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_asw_aisI.tm~a10176\setup.lok not found!

Registry entries deleted on Reboot...




~~~aswMBR log~~~



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 13:04:07
-----------------------------
13:04:07.390 OS Version: Windows 5.1.2600 Service Pack 3
13:04:07.390 Number of processors: 2 586 0x1706
13:04:07.390 ComputerName: AYSH-0F1CB01EF1 UserName: Aysh
13:04:09.671 Initialize success
13:04:09.781 AVAST engine defs: 12032802
13:04:18.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
13:04:18.140 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238474MB BusType: 3
13:04:18.171 Disk 0 MBR read successfully
13:04:18.171 Disk 0 MBR scan
13:04:18.171 Disk 0 Windows XP default MBR code
13:04:18.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
13:04:18.171 Disk 0 scanning sectors +488376000
13:04:18.203 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
13:04:18.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:04:25.500 Service scanning
13:04:38.406 Modules scanning
13:04:43.062 Disk 0 trace - called modules:
13:04:43.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:04:43.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8e8ab8]
13:04:43.078 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000076[0x8a9402b0]
13:04:43.078 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8a8ccd98]
13:04:43.953 AVAST engine scan C:\WINDOWS
13:04:51.781 AVAST engine scan C:\WINDOWS\system32
13:06:48.906 AVAST engine scan C:\WINDOWS\system32\drivers
13:07:03.453 AVAST engine scan C:\Documents and Settings\Aysh
14:18:39.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aysh\Desktop\MBR.dat"
14:18:39.890 The log file has been saved successfully to "C:\Documents and Settings\Aysh\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 14:19:33
-----------------------------
14:19:33.546 OS Version: Windows 5.1.2600 Service Pack 3
14:19:33.546 Number of processors: 2 586 0x1706
14:19:33.546 ComputerName: AYSH-0F1CB01EF1 UserName: Aysh
14:19:35.656 Initialize success
14:19:35.937 AVAST engine defs: 12032802
14:19:49.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
14:19:49.734 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238474MB BusType: 3
14:19:49.781 Disk 0 MBR read successfully
14:19:49.781 Disk 0 MBR scan
14:19:49.781 Disk 0 Windows XP default MBR code
14:19:49.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
14:19:49.828 Disk 0 scanning sectors +488376000
14:19:49.890 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
14:19:50.062 Disk 0 scanning C:\WINDOWS\system32\drivers
14:20:29.531 Service scanning
14:20:41.656 Modules scanning
14:21:30.718 Disk 0 trace - called modules:
14:21:30.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:21:30.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8e8ab8]
14:21:30.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000076[0x8a9402b0]
14:21:30.750 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8a8ccd98]
14:21:31.546 AVAST engine scan C:\WINDOWS
14:22:26.921 AVAST engine scan C:\WINDOWS\system32
14:31:30.515 AVAST engine scan C:\WINDOWS\system32\drivers
14:33:03.625 AVAST engine scan C:\Documents and Settings\Aysh
16:27:22.359 AVAST engine scan C:\Documents and Settings\All Users
16:30:12.375 Scan finished successfully
16:43:53.986 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aysh\Desktop\MBR.dat"
16:43:54.001 The log file has been saved successfully to "C:\Documents and Settings\Aysh\Desktop\aswMBR.txt"
  • 0
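A triage pass over the two aswMBR runs posted above, added here as an example (it is not part of the thread and not AVAST's code). It parses each run, locates flagged sectors relative to the scan start, and reports which hits persist across runs; the sample log is constructed from lines in the post, and all function names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed copy of the two runs in the post above.
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1665 Copyright 2011 AVAST Software
Run date: 2012-03-29 13:04:07
13:04:18.171 Disk 0 MBR read successfully
13:04:18.171 Disk 0 Windows XP default MBR code
13:04:18.171 Disk 0 scanning sectors +488376000
13:04:18.203 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
13:07:03.453 AVAST engine scan C:\Documents and Settings\Aysh
14:18:39.890 The log file has been saved successfully to "aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright 2011 AVAST Software
Run date: 2012-03-29 14:19:33
14:19:49.781 Disk 0 Windows XP default MBR code
14:19:49.828 Disk 0 scanning sectors +488376000
14:19:49.890 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
16:30:12.375 Scan finished successfully
16:43:54.001 The log file has been saved successfully to "aswMBR.txt"
"""

STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")
BOOT_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
SCAN_FROM = re.compile(r"^Disk (\d+) scanning sectors \+(\d+)$")
HIT = re.compile(r"^Disk (\d+) malicious (\S+) code @ sector (\d+)")


@dataclass
class Run:
    run_date: str = ""
    boot_code: dict = field(default_factory=dict)  # disk -> boot-code verdict
    scan_from: dict = field(default_factory=dict)  # disk -> first scanned sector
    hits: list = field(default_factory=list)       # (disk, detection, sector)
    finished: bool = False


def parse_runs(text):
    """Split a pasted log into runs; text before the first header is ignored."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("aswMBR version"):
            runs.append(Run())
            continue
        if not runs:
            continue
        run = runs[-1]
        if line.startswith("Run date:"):
            run.run_date = line.split(":", 1)[1].strip()
            continue
        stamped = STAMP.match(line)
        if not stamped:
            continue
        msg = stamped.group(1)
        if m := HIT.match(msg):
            run.hits.append((int(m.group(1)), m.group(2), int(m.group(3))))
        elif m := BOOT_CODE.match(msg):
            run.boot_code[int(m.group(1))] = m.group(2)
        elif m := SCAN_FROM.match(msg):
            run.scan_from[int(m.group(1))] = int(m.group(2))
        elif msg == "Scan finished successfully":
            run.finished = True
    return runs


def triage(run):
    """Return human-readable notes for one run."""
    notes = []
    if not run.finished:
        notes.append("incomplete: no 'Scan finished successfully' line, results may be partial")
    for disk, name, sector in run.hits:
        where = f"sector {sector}"
        start = run.scan_from.get(disk)
        if start is not None:
            where += f" (+{sector - start} from scan start {start})"
        notes.append(f"disk {disk}: {name} at {where}")
        if "default" in run.boot_code.get(disk, "").lower():
            # Sector 0 is reported clean, so rewriting the MBR alone
            # would leave the flagged sector untouched.
            notes.append(f"disk {disk}: boot code reported as default; flagged sector is elsewhere on disk")
    return notes


def persistent_hits(runs):
    """Hits that appear in every run, i.e. findings no step in between removed."""
    if not runs:
        return set()
    common = set(runs[0].hits)
    for run in runs[1:]:
        common &= set(run.hits)
    return common


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    for r in parsed:
        print(r.run_date, *triage(r), sep="\n  ")
    print("persistent:", persistent_hits(parsed))
```

On the posted logs, both runs flag the same sector while reporting default boot code, and only the second run records completion.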

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?

# Step 1 #

Please reopen Malwarebytes' Anti-Malware.

  • Go to the Updates tab and click Download Update. If there's an update, allow MBAM to update its database.
  • Now click on the Verify tab and select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.


# Step 2 #

  • Run OTL.exe. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

Edited by GLeobas, 30 March 2012 - 01:36 PM.


#9
numinous

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi and thanks,

Computer seems to be running fine. No sign of the trojan that I can see.

Here are the logs you asked for

~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Aysh :: AYSH-0F1CB01EF1 [administrator]

Protection: Disabled

3/31/2012 3:08:59 PM
mbam-log-2012-03-31 (15-08-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359657
Time elapsed: 1 hour(s), 53 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


~~~~~~~~~~~~~~

OTL logfile created on: 3/31/2012 5:07:02 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aysh\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.44% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 42.93 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive D: | 5.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AYSH-0F1CB01EF1 | User Name: Aysh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 17:15:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
PRC - [2012/03/07 10:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/03 11:21:08 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2009/03/08 04:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/06/16 02:02:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/04/15 11:31:54 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/31 07:48:11 | 001,752,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12033001\algo.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/04 01:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll
MOD - [2007/12/07 15:51:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/12/07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/31 09:38:30 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/02 15:18:58 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/11/02 15:18:58 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/02/01 09:48:00 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/03/30 17:34:39 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/02/24 20:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/11/06 11:36:48 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/05/11 10:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/06/16 01:58:00 | 000,476,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/06/16 01:58:00 | 000,250,240 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/05/07 21:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/15 21:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2007/02/16 10:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/13 19:02:22 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{D6B37BB2-DA87-4909-A924-16CB25029C49}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Aysh\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/27 17:15:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/21 16:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 16:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/27 17:16:21 | 000,000,000 | ---D | M]

[2009/12/24 16:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions
[2009/12/11 21:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions\[email protected]
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions
[2011/07/11 20:50:20 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/16 10:35:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/08 07:56:48 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/07 16:26:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]
[2012/02/21 17:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/21 16:25:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/20 16:38:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/21 17:04:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 17:04:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [GEST] m‘|\ü File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Where's Wally OLR] C:\PROGRA~1\AVANQU~1\OLR\WHERE'~1\BVRPOlr.exe /Where's Wally File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Aysh\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8 - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8 - Extra context menu item: &GetGo Toolbar Search - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aysh\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...o.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://cdn3.zone.msn...k.cab102118.cab (MSN Games – Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B04AEC4-671D-47B1-9E67-D4A9A955AA5E}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5D67C0B-290C-4053-AEB0-5E70806ECB4F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D665C71E-59D4-442F-B896-361C5B038FB1}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/04 17:34:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/07 19:10:18 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/10/07 01:44:34 | 000,000,000 | R--D | M] - D:\Autoupdate -- [ UDF ]
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 10:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/31 10:20:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/31 10:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/30 08:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/30 08:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/29 22:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\My Documents\Uru Live
[2012/03/29 20:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Start Menu\Programs\Uru Live
[2012/03/29 20:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Uru Live
[2012/03/29 12:45:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/29 11:48:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aysh\Desktop\aswMBR.exe
[2012/03/29 08:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/27 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/26 21:50:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/26 21:46:37 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aysh\Desktop\tdsskiller.exe
[2012/03/26 16:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/03/26 13:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/03/26 11:49:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/26 00:47:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/24 00:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/24 00:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/24 00:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/22 20:12:00 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/22 16:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Local Settings\Application Data\Threat Expert
[2012/03/22 12:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/22 12:12:56 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/22 12:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/22 12:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/22 12:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2012/03/22 11:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2012/03/22 11:08:02 | 000,000,000 | ---D | C] -- C:\6f59402a068194da5b260530ce860218
[2012/03/21 22:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\Malwarebytes
[2012/03/21 22:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/21 16:25:49 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/21 16:25:49 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/21 16:25:46 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/21 16:25:46 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/21 16:25:45 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/21 16:25:44 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/21 16:25:44 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/21 16:25:43 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/21 16:25:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/21 16:25:08 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/20 22:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/20 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/17 18:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VSO
[2012/03/17 18:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ConverterLite
[2012/03/17 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConverterLite
[2012/03/16 13:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2012/03/14 18:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/14 18:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/14 18:39:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/03/13 11:40:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aysh\Recent
[2012/03/13 11:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/13 11:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/09 12:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012/03/09 12:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2012/03/05 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\My Documents\GrayMatter
[2012/03/05 08:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IMVU_Inc

========== Files - Modified Within 30 Days ==========

[2012/03/31 17:07:15 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job
[2012/03/31 16:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 10:20:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 09:38:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/03/31 09:38:29 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/03/31 09:37:20 | 000,000,396 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/03/31 09:37:14 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}
[2012/03/31 09:37:06 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012/03/31 09:37:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/31 09:36:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/30 15:42:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/30 15:40:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/29 20:56:29 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Myst Online - Uru Live.lnk
[2012/03/29 16:43:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\MBR.dat
[2012/03/29 12:50:28 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/29 11:50:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aysh\Desktop\aswMBR.exe
[2012/03/29 08:10:02 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/28 16:28:49 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/27 17:15:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/03/26 21:47:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aysh\Desktop\tdsskiller.exe
[2012/03/26 15:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/25 23:39:34 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/03/22 16:25:09 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/22 12:14:44 | 000,685,530 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/20 18:52:02 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/19 20:52:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2012/03/17 18:52:46 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 17:54:17 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:54:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 11:40:27 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Microsoft PhotoDraw V2.lnk
[2012/03/13 10:15:08 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{D665C71E-59D4-442F-B896-361C5B038FB1}
[2012/03/07 10:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/07 10:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/07 10:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 21:40:26 | 001,044,169 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf

========== Files Created - No Company Name ==========

[2012/03/31 10:20:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/30 15:42:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/29 20:56:29 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\Myst Online - Uru Live.lnk
[2012/03/29 14:18:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\MBR.dat
[2012/03/29 08:10:02 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/25 23:39:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012/03/24 00:11:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/24 00:11:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/22 12:13:31 | 000,685,530 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/21 22:00:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/20 18:52:02 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/17 18:52:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 10:51:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 12:14:03 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/06 21:40:08 | 001,044,169 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf
[2012/02/16 13:11:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 10:10:32 | 000,000,084 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2011/11/02 15:18:58 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/02 15:18:58 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/10/13 18:14:05 | 000,000,618 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2011/07/29 22:27:59 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/27 21:31:24 | 000,092,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/01 16:03:11 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/11 12:21:11 | 000,139,554 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/01/11 12:21:11 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/11/17 15:43:29 | 000,052,188 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/06 10:47:08 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2010/11/06 10:47:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/10/14 22:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/09/02 14:51:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/02 14:51:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/02 14:51:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\$_hpcst$.hpc
[2010/09/02 14:47:59 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2010/09/02 14:47:59 | 000,013,752 | ---- | C] () -- C:\Program Files\0x0809.ini
[2010/09/02 14:47:57 | 104,050,688 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi

========== LOP Check ==========

[2012/02/18 12:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/07/05 04:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2012/03/20 22:26:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/01 09:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/24 16:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/07/29 22:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2012/03/22 16:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/06 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/02 14:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/10/30 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios
[2010/02/24 21:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/10 20:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/06/29 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/12 17:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/03/22 16:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/06 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/19 13:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/20 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Azureus
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Colibri Games
[2012/03/17 13:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/13 11:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\DAEMON Tools Lite
[2011/01/01 07:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Digiarty
[2012/03/14 18:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/17 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2008/07/04 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leadertech
[2011/07/29 22:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo Video2iPod v2
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Ludia
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Moyea
[2009/12/15 13:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NCH Swift Sound
[2008/07/05 17:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NetMedia Providers
[2011/06/08 21:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Opera
[2010/09/02 14:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\PC Suite
[2012/03/09 12:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2008/07/05 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Publish Providers
[2009/11/06 11:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Recordpad
[2010/09/02 15:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Samsung
[2008/07/05 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony
[2011/07/11 21:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony Online Entertainment
[2012/03/22 12:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2011/07/12 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Unity
[2012/03/31 17:07:15 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:24EC51386CA87F00
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38020A20
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#10
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen OTL on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    [2012/03/08 07:56:48 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    [2012/03/20 20:14:16 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/05/07 16:26:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]
    @Alternate Data Stream - 24 bytes -> C:\WINDOWS:24EC51386CA87F00
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38020A20
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.



#11
numinous

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here are the logs you requested


========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
========== OTL ==========
Folder C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\ not found.
Folder C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Folder C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]\ not found.
ADS C:\WINDOWS:24EC51386CA87F00 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38020A20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04022012_170539




~~~~~~~~~~~~~~~



OTL logfile created on: 4/2/2012 5:07:35 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aysh\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.57% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 41.81 Gb Free Space | 17.96% Space Free | Partition Type: NTFS
Drive D: | 5.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AYSH-0F1CB01EF1 | User Name: Aysh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 17:15:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
PRC - [2012/03/07 10:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/03 11:21:08 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2008/06/16 02:02:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/04/15 11:31:54 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/02 03:47:03 | 001,752,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040101\algo.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/28 18:00:00 | 003,668,992 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll
MOD - [2007/12/07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/02 08:59:16 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/02 15:18:58 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/11/02 15:18:58 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/02/01 09:48:00 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/03/30 17:34:39 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/02/24 20:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/11/06 11:36:48 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/05/11 10:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/06/16 01:58:00 | 000,476,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/06/16 01:58:00 | 000,250,240 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/05/07 21:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/15 21:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2007/02/16 10:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/13 19:02:22 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{D6B37BB2-DA87-4909-A924-16CB25029C49}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Aysh\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/27 17:15:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/21 16:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 16:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/27 17:16:21 | 000,000,000 | ---D | M]

[2009/12/24 16:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions
[2009/12/11 21:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Extensions\[email protected]
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions
[2011/07/11 20:50:20 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/16 10:35:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/08 07:56:48 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/03/20 20:14:16 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/07 16:26:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Aysh\Application Data\Mozilla\Firefox\Profiles\affbu10w.default\extensions\[email protected]
[2012/02/21 17:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/21 16:25:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/20 16:38:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/21 17:04:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 17:04:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [GEST] m‘|\ü File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Where's Wally OLR] C:\PROGRA~1\AVANQU~1\OLR\WHERE'~1\BVRPOlr.exe /Where's Wally File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Aysh\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8 - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8 - Extra context menu item: &GetGo Toolbar Search - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Aysh\Desktop\PartyPoker.lnk ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aysh\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...o.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://cdn3.zone.msn...k.cab102118.cab (MSN Games – Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B04AEC4-671D-47B1-9E67-D4A9A955AA5E}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5D67C0B-290C-4053-AEB0-5E70806ECB4F}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D665C71E-59D4-442F-B896-361C5B038FB1}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aysh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/04 17:34:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/07 19:10:18 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/10/07 01:44:34 | 000,000,000 | R--D | M] - D:\Autoupdate -- [ UDF ]
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{894b3d24-46b7-11de-91f1-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell - "" = AutoRun
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fcdf3b18-d764-11df-900b-001fd05f34c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 10:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/31 10:20:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/31 10:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/30 08:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/30 08:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/29 22:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\My Documents\Uru Live
[2012/03/29 20:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Start Menu\Programs\Uru Live
[2012/03/29 20:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Uru Live
[2012/03/29 12:45:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/29 11:48:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aysh\Desktop\aswMBR.exe
[2012/03/29 08:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/27 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/26 21:50:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/26 21:46:37 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aysh\Desktop\tdsskiller.exe
[2012/03/26 16:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/03/26 13:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/03/26 11:49:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/26 00:47:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/24 00:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/24 00:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/24 00:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/22 20:12:00 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/22 16:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Local Settings\Application Data\Threat Expert
[2012/03/22 12:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/22 12:12:56 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/22 12:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/22 12:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/22 12:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2012/03/22 11:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2012/03/22 11:08:02 | 000,000,000 | ---D | C] -- C:\6f59402a068194da5b260530ce860218
[2012/03/21 22:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\Malwarebytes
[2012/03/21 22:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/21 16:25:49 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/21 16:25:49 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/21 16:25:46 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/21 16:25:46 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/21 16:25:45 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/21 16:25:44 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/21 16:25:44 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/21 16:25:43 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/21 16:25:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/21 16:25:08 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/20 22:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/20 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/17 18:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VSO
[2012/03/17 18:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/17 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ConverterLite
[2012/03/17 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConverterLite
[2012/03/16 13:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2012/03/14 18:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/14 18:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/14 18:39:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/03/13 11:40:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aysh\Recent
[2012/03/13 11:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/13 11:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/09 12:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012/03/09 12:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2012/03/05 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aysh\My Documents\GrayMatter
[2012/03/05 08:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IMVU_Inc

========== Files - Modified Within 30 Days ==========

[2012/04/02 17:03:35 | 001,629,555 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\cloth.jpg
[2012/04/02 17:03:16 | 001,015,486 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\cloth samples.jpg
[2012/04/02 17:02:19 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job
[2012/04/02 16:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/02 15:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/02 08:59:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/04/02 08:59:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1425521274-725345543-1004.job
[2012/04/02 08:57:53 | 000,000,396 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/04/02 08:57:49 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B1F7C5CE-8D3C-46EB-B7A1-E296EEA7642F}
[2012/04/02 08:57:41 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012/04/02 08:57:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/02 08:57:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/01 10:06:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 10:20:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/30 15:42:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/29 20:56:29 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Myst Online - Uru Live.lnk
[2012/03/29 16:43:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\MBR.dat
[2012/03/29 12:50:28 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/29 11:50:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aysh\Desktop\aswMBR.exe
[2012/03/29 08:10:02 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/28 16:28:49 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/27 17:15:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/03/26 21:47:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aysh\Desktop\tdsskiller.exe
[2012/03/26 11:50:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aysh\Desktop\OTL.exe
[2012/03/25 23:39:34 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/03/22 16:25:09 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/22 12:14:44 | 000,685,530 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/20 18:52:02 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/19 20:52:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2012/03/17 18:52:46 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 17:54:17 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:54:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 11:40:27 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\Microsoft PhotoDraw V2.lnk
[2012/03/13 10:15:08 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{D665C71E-59D4-442F-B896-361C5B038FB1}
[2012/03/07 10:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/07 10:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/07 10:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/07 10:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/07 09:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 21:40:26 | 001,044,169 | ---- | M] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf

========== Files Created - No Company Name ==========

[2012/04/02 17:03:33 | 001,629,555 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\cloth.jpg
[2012/04/02 17:03:12 | 001,015,486 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\cloth samples.jpg
[2012/03/31 10:20:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/30 15:42:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/29 20:56:29 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\Myst Online - Uru Live.lnk
[2012/03/29 14:18:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\MBR.dat
[2012/03/29 08:10:02 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/25 23:39:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012/03/24 00:11:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/24 00:11:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/22 12:13:31 | 000,685,530 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/21 22:00:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/20 18:52:02 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/17 18:52:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\Microsoft\Internet Explorer\Quick Launch\VSO DivxToDVD.lnk
[2012/03/17 18:52:46 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\VSO DivxToDVD.lnk
[2012/03/17 13:07:44 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ConverterLite.lnk
[2012/03/14 10:51:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 12:14:03 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000B88.LCS
[2012/03/06 21:40:08 | 001,044,169 | ---- | C] () -- C:\Documents and Settings\Aysh\Desktop\TRPB_1_0717062216.pdf
[2012/02/16 13:11:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 10:10:32 | 000,000,084 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2011/11/02 15:18:58 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/02 15:18:58 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/10/13 18:14:05 | 000,000,618 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2011/07/29 22:27:59 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/27 21:31:24 | 000,092,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/01 16:03:11 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/11 12:21:11 | 000,139,554 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/01/11 12:21:11 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/11/17 15:43:29 | 000,052,188 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/06 10:47:08 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2010/11/06 10:47:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/10/14 22:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/09/02 14:51:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/02 14:51:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/02 14:51:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Aysh\Application Data\$_hpcst$.hpc
[2010/09/02 14:47:59 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2010/09/02 14:47:59 | 000,013,752 | ---- | C] () -- C:\Program Files\0x0809.ini
[2010/09/02 14:47:57 | 104,050,688 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi

========== LOP Check ==========

[2012/02/18 12:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2012/03/21 16:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/07/05 04:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2012/03/20 22:26:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/01 09:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/24 16:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/07/29 22:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2012/03/22 16:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/06 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/02 14:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/10/30 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios
[2010/02/24 21:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/10 20:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/06/29 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/12 17:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/03/22 16:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/06 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/19 13:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/20 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Azureus
[2011/10/31 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Colibri Games
[2012/03/17 13:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ConverterLite
[2012/03/13 11:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\DAEMON Tools Lite
[2011/01/01 07:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Digiarty
[2012/03/14 18:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ElevatedDiagnostics
[2012/03/17 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVU
[2012/03/16 13:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\IMVUClient
[2008/07/04 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leadertech
[2011/07/29 22:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Leawo Video2iPod v2
[2011/05/06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Ludia
[2011/07/29 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Moyea
[2009/12/15 13:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NCH Swift Sound
[2008/07/05 17:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\NetMedia Providers
[2011/06/08 21:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Opera
[2010/09/02 14:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\PC Suite
[2012/03/09 12:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\ProtectDISC
[2008/07/05 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Publish Providers
[2009/11/06 11:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Recordpad
[2010/09/02 15:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Samsung
[2008/07/05 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony
[2011/07/11 21:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Sony Online Entertainment
[2012/03/22 12:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\TestApp
[2011/07/12 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aysh\Application Data\Unity
[2012/04/02 17:02:19 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0E4DDDF-469A-4794-8674-0A575E3C82CC}.job

========== Purity Check ==========



< End of report >

#12
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for the delay.

- Please create a new profile in Firefox:
http://kb.mozillazin...file_on_Windows

- I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create[LIST]



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
  • Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe.

#13
numinous

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi there,

Sorry for the long delay over Easter. Have completed all these steps and computer appears to be running fine with no sign of the virus.

Thank you very much for all your help. It is very much appreciated.