Win32/Kryptik.BCY Trojan [Solved]


#1
AnimeFanatic
Member
15 posts
Hi, glad to have found a forum that deals with pesky Malware/Adware and Viruses. Where to begin...well, I currently have AVG 2012 installed on my machine and for the past week it has detected a virus C:\Windows\System32\.dll and describes it as Win32/Heri, and since I'm not too advanced in regards to computers, when I saw the words system32 and dll I was pretty freaked out. Before finding this site and running OTL, I had run ESET online scanner (hopefully that isn't a problem) which found 3 threats:

a variant of Win32/Kryptik.BCY trojan
Win32/Adware.RON.FSV application
a variant of Win32/Adware.GooochiBiz.AN

It described them as being C:\Windows\System32\.dll and C:\Windows\System32\.exe. Now, I didn't clean them in fear of ruining something permanently. So, I looked around for malware/virus removal forums and here I am, and I'm hoping that with the aid of the experts here, we can kick this virus' butt. Thank you for taking the time out to read/respond...it is truly appreciated.


OTL log as requested


OTL logfile created on: 5/16/2012 7:09:49 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\SainT\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 45.18% Memory free
5.96 Gb Paging File | 4.43 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.62 Gb Total Space | 94.31 Gb Free Space | 41.61% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.59 Gb Free Space | 9.39% Space Free | Partition Type: NTFS
Drive R: | 698.63 Gb Total Space | 264.68 Gb Free Space | 37.89% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: SainT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 18:50:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
PRC - [2012/04/26 00:48:48 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/25 20:27:44 | 000,733,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011/04/22 18:26:18 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2010/09/16 11:00:00 | 003,622,912 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/12/18 15:18:56 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/05 04:01:09 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/26 00:48:48 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/04/22 18:25:28 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2010/11/21 02:22:16 | 000,839,680 | ---- | M] () -- C:\Users\SainT\AppData\LocalLow\Megamedia\Megakey\LIBEAY32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2012/05/05 04:01:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/26 00:48:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 11:00:00 | 003,622,912 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/05/21 21:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/19 18:52:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/26 10:24:08 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | System | Stopped] -- -- (Aspi32)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 10:27:32 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/04/22 18:26:12 | 000,037,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/04/22 18:26:10 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011/04/22 18:26:08 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/04/22 18:26:06 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/04/22 18:26:04 | 000,188,808 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eudisk.sys -- (EUDISK)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/09 17:13:23 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/11 00:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0A251E1F-51EF-410A-BAAD-03AB64830B2E}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKLM\..\SearchScopes\{970937A7-5EA7-4BAD-BB9A-65FCE8D7A527}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{B14E7F7F-B6AB-40C3-9C03-B022C6CE5701}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0352FAEF-A60D-4814-A7F3-87FAAFB169C3}
IE - HKCU\..\SearchScopes\{0352FAEF-A60D-4814-A7F3-87FAAFB169C3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{0A251E1F-51EF-410A-BAAD-03AB64830B2E}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-04-30 01:35:53&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{970937A7-5EA7-4BAD-BB9A-65FCE8D7A527}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{B14E7F7F-B6AB-40C3-9C03-B022C6CE5701}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "aol.com"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\SainT\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@megamedia/Megakey: C:\Users\SainT\AppData\Local\Megamedia\Megakey\npMegaPlugin.dll (Megamedia Ltd.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\SainT\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/06 16:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 00:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 02:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}: C:\Users\SainT\AppData\Local\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB} [2011/05/08 03:09:34 | 000,000,000 | ---D | M]

[2010/06/28 14:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Extensions
[2010/06/28 14:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/05/16 17:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions
[2012/04/25 01:02:59 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/11 23:19:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 19:10:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/30 15:45:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/12 16:59:32 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/04/30 02:49:20 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\[email protected]
[2012/05/16 17:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\staged
[2009/06/13 15:47:38 | 000,004,207 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Mozilla\Firefox\Profiles\arhq8zbo.default\searchplugins\aim-search.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Mozilla\Firefox\Profiles\arhq8zbo.default\searchplugins\MySpace.xml
[2012/03/18 03:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/06 02:25:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SAINT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARHQ8ZBO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/11 03:45:47 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\SAINT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARHQ8ZBO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/04/26 00:48:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/02/21 19:06:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/24 21:44:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/13 04:38:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/13 04:38:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/17 14:13:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\SainT\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
O8 - Extra context menu item: Capture Web Page - C:\Users\SainT\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\SainT\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10AA17A2-D126-48AA-83FE-D0C879DD6E86}: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E482E967-79EE-4338-AA1B-3C5E2C2B8CF3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Value error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\SainT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\SainT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 15:48:00 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 18:50:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
[2012/05/16 13:08:19 | 002,322,184 | ---- | C] (ESET) -- C:\Users\SainT\Desktop\esetsmartinstaller_enu.exe
[2012/05/09 23:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/06 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2012/05/06 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\AVG2012
[2012/05/06 16:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/05/06 16:25:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/05/06 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/06 16:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/06 02:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/05/06 02:49:58 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\uTorrent
[2012/05/03 12:51:43 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\CRE
[2012/05/03 12:51:09 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\Conduit
[2012/04/30 19:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/04/30 19:16:18 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2012/04/30 19:16:05 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Systweak
[2012/04/26 12:18:40 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2012/04/26 12:18:36 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Google
[2012/04/26 00:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/26 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/23 22:31:16 | 000,000,000 | ---D | C] -- C:\Users\SainT\Documents\ArcSoft TotalMedia ShowBiz
[2012/04/22 18:13:20 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\ArcSoft
[2012/04/22 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/04/22 18:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/04/18 02:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/18 02:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/04/18 02:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/18 02:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/17 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\BBSAK
[2012/04/16 20:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited
[2011/12/03 19:09:43 | 005,811,712 | ---- | C] (reFX) -- C:\Program Files\Nexus.dll
[2010/11/20 02:08:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\SainT\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 19:10:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E19E73CE-0F1C-4E23-A916-63BE87006EDB}.job
[2012/05/16 19:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 18:50:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
[2012/05/16 18:08:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 18:08:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 17:16:30 | 000,151,996 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/16 16:13:46 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/16 16:13:46 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/16 16:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 16:08:06 | 3085,492,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 13:17:09 | 098,325,467 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/16 13:08:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\SainT\Desktop\esetsmartinstaller_enu.exe
[2012/05/14 18:15:20 | 000,016,784 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\wklnhst.dat
[2012/05/14 17:49:02 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSainT.job
[2012/05/13 14:22:48 | 003,647,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 19:15:10 | 000,136,192 | ---- | M] () -- C:\Users\SainT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/11 12:06:15 | 000,625,339 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/06 16:45:17 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/06 02:50:40 | 000,000,738 | ---- | M] () -- C:\Users\SainT\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/27 14:50:55 | 000,121,848 | ---- | M] () -- C:\Users\SainT\Documents\cc_20120427_145047.reg
[2012/04/27 14:45:38 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/23 00:11:35 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 13:17:04 | 000,053,723 | ---- | M] () -- C:\Windows\System32\.exe
[2012/04/18 02:14:15 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/17 21:30:24 | 000,001,940 | ---- | M] () -- C:\Users\SainT\Desktop\BBSAK.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 17:16:30 | 000,151,996 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/16 16:08:06 | 3085,492,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/16 13:17:09 | 098,325,467 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/11 12:06:15 | 000,625,339 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/06 16:56:26 | 000,000,397 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-RackS 3.lnk
[2012/05/06 16:26:16 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/06 02:50:40 | 000,000,738 | ---- | C] () -- C:\Users\SainT\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/27 14:50:51 | 000,121,848 | ---- | C] () -- C:\Users\SainT\Documents\cc_20120427_145047.reg
[2012/04/22 13:17:04 | 000,053,723 | ---- | C] () -- C:\Windows\System32\.exe
[2012/04/18 02:14:15 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/18 02:12:41 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/17 21:30:24 | 000,001,940 | ---- | C] () -- C:\Users\SainT\Desktop\BBSAK.lnk
[2011/07/19 20:04:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2011/07/11 13:58:07 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/07/11 13:58:07 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/07/11 13:58:07 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/07/11 13:58:06 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/07/11 13:58:06 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/07/11 02:10:35 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011/04/02 02:37:01 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/02 02:36:58 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/03/25 05:00:02 | 000,877,056 | ---- | C] () -- C:\Windows\System32\.dll
[2010/11/20 02:08:07 | 000,007,887 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\pcouffin.cat
[2010/11/20 02:08:07 | 000,001,144 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\pcouffin.inf
[2010/11/18 19:59:35 | 000,001,057 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\vso_ts_preview.xml
[2010/09/23 00:11:17 | 000,000,000 | ---- | C] () -- C:\Users\SainT\AppData\Local\prvlcl.dat
[2010/07/24 00:38:22 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/21 16:21:42 | 000,000,048 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/06/21 16:21:42 | 000,000,048 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/06/19 01:54:23 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== LOP Check ==========

[2008/06/24 14:23:12 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\acccore
[2011/07/10 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Acronis
[2011/08/31 16:07:16 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\AnvSoft
[2012/05/06 16:26:46 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\AVG2012
[2010/08/28 01:19:39 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Blackberry Desktop
[2011/07/31 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Blue Cat Audio
[2012/03/24 03:22:56 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/14 17:29:50 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/30 17:36:56 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\DAEMON Tools Pro
[2010/06/29 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Facebook
[2010/06/19 01:54:32 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\FreeAudioPack
[2009/01/08 02:11:06 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\FrostWire
[2011/10/22 21:52:06 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Gamelab
[2011/02/23 02:47:32 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\gtk-2.0
[2011/09/16 01:01:55 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Image-Line
[2011/06/08 14:58:23 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\IObit
[2012/02/05 14:39:51 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\iZotope
[2008/07/02 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\LimeWireTurbo
[2011/05/08 03:09:53 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Megamedia
[2011/04/30 00:57:24 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Megaupload
[2011/09/23 05:29:52 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Moyea
[2010/01/13 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\MSNInstaller
[2009/03/13 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Paltalk
[2009/12/03 01:44:10 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Propellerhead Software
[2008/06/24 14:23:18 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\QQ Games Plugin
[2010/08/28 01:09:27 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Research In Motion
[2009/03/09 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Steinberg
[2011/02/11 04:00:35 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\SynthMaker
[2012/04/30 19:18:20 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Systweak
[2008/06/26 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Template
[2011/07/19 22:19:13 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\TrojanHunter
[2012/05/16 15:31:40 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\uTorrent
[2010/08/03 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Voxengo
[2012/03/08 03:42:28 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Vso
[2012/03/08 22:12:04 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\Waves Audio
[2008/07/12 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\SainT\AppData\Roaming\WinBatch
[2012/05/16 15:32:28 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/16 19:10:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E19E73CE-0F1C-4E23-A916-63BE87006EDB}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:88050731

< End of report >


#2 jeffce (Trusted Helper, Malware Removal, 216 posts, MVP)
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Having said that....Let's get going!! :thumbup:
----------

Please download aswMBR to your desktop.

  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

#3 AnimeFanatic (Topic Starter, Member, 15 posts)
Thank you for responding, Jeff. I ran aswMBR as requested. Here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 14:03:24
-----------------------------
14:03:24.436 OS Version: Windows 6.0.6002 Service Pack 2
14:03:24.436 Number of processors: 2 586 0x4B02
14:03:24.437 ComputerName: HOME-PC UserName: SainT
14:03:40.121 Initialize success
14:04:14.960 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
14:04:14.965 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 6
14:04:14.980 Disk 0 MBR read successfully
14:04:14.986 Disk 0 MBR scan
14:04:14.991 Disk 0 Windows 7 default MBR code
14:04:15.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 232063 MB offset 63
14:04:15.018 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6408 MB offset 475266960
14:04:15.032 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 715395 MB offset 488392704
14:04:15.045 Disk 0 scanning sectors +1953521664
14:04:15.111 Disk 0 scanning C:\Windows\system32\drivers
14:04:20.444 Service scanning
14:04:30.056 Modules scanning
14:04:43.023 Disk 0 trace - called modules:
14:04:43.040 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:04:43.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874f1968]
14:04:43.053 3 CLASSPNP.SYS[8afe08b3] -> nt!IofCallDriver -> [0x86470150]
14:04:43.060 5 acpi.sys[832166bc] -> nt!IofCallDriver -> \Device\00000066[0x86470b88]
14:04:43.067 Scan finished successfully
14:04:54.958 Disk 0 MBR has been saved successfully to "C:\Users\SainT\Desktop\MBR.dat"
14:04:54.969 The log file has been saved successfully to "C:\Users\SainT\Desktop\aswMBR.txt"

#4 jeffce (Trusted Helper, Malware Removal, 216 posts, MVP)
Hi,

Please download ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0A251E1F-51EF-410A-BAAD-03AB64830B2E}: "URL" = http://search.live.c...ource?}&FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
    IE - HKLM\..\SearchScopes\{970937A7-5EA7-4BAD-BB9A-65FCE8D7A527}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{B14E7F7F-B6AB-40C3-9C03-B022C6CE5701}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...Web&orig=IMC-IE
    IE - HKCU\..\SearchScopes\{0A251E1F-51EF-410A-BAAD-03AB64830B2E}: "URL" = http://search.live.c...ource?}&FORM=HVDUS7
    IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-04-30 01:35:53&v=8.0.0.34&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{970937A7-5EA7-4BAD-BB9A-65FCE8D7A527}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{B14E7F7F-B6AB-40C3-9C03-B022C6CE5701}: "URL" = http://search.avg.co...}&iy=b&ychte=us
    [2012/02/13 04:38:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\SainT\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.)
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    [2012/05/03 12:51:09 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\Conduit
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2012/05/11 19:15:10 | 000,136,192 | ---- | M] () -- C:\Users\SainT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


#5 AnimeFanatic (Topic Starter, Member, 15 posts)
Sorry about the long response time, Jeff; I thought I was supposed to get an email notification whenever someone posted/replied to my thread. Anyhow, I ran ERUNT and OTL. I'm still getting the C:\Windows\System32\.dll virus notification from AVG, and I also got a message from ERUNT: "Unable to create file: C:\Windows\ERDNT\AutoBackup\5-17-2012\ERDNT.INF. Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files."

Here is the new OTL log as requested:

OTL logfile created on: 5/17/2012 3:46:19 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\SainT\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 63.08% Memory free
5.97 Gb Paging File | 4.93 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.62 Gb Total Space | 94.49 Gb Free Space | 41.69% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.69 Gb Free Space | 10.95% Space Free | Partition Type: NTFS
Drive R: | 698.63 Gb Total Space | 264.46 Gb Free Space | 37.85% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: SainT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 18:50:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/25 20:27:44 | 000,733,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011/04/22 18:26:18 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2010/09/16 11:00:00 | 003,622,912 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/22 18:25:28 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2012/05/05 04:01:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/26 00:48:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 11:00:00 | 003,622,912 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/05/21 21:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/19 18:52:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/26 10:24:08 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | System | Stopped] -- -- (Aspi32)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 10:27:32 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/04/22 18:26:12 | 000,037,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/04/22 18:26:10 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011/04/22 18:26:08 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/04/22 18:26:06 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/04/22 18:26:04 | 000,188,808 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eudisk.sys -- (EUDISK)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/09 17:13:23 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/11 00:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0352FAEF-A60D-4814-A7F3-87FAAFB169C3}
IE - HKCU\..\SearchScopes\{0352FAEF-A60D-4814-A7F3-87FAAFB169C3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "aol.com"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\SainT\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@megamedia/Megakey: C:\Users\SainT\AppData\Local\Megamedia\Megakey\npMegaPlugin.dll (Megamedia Ltd.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\SainT\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/06 16:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 00:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 02:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}: C:\Users\SainT\AppData\Local\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB} [2011/05/08 03:09:34 | 000,000,000 | ---D | M]

[2010/06/28 14:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Extensions
[2010/06/28 14:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/05/17 10:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions
[2012/04/25 01:02:59 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/11 23:19:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/17 10:12:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/30 15:45:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/12 16:59:32 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/04/30 02:49:20 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\[email protected]
[2009/06/13 15:47:38 | 000,004,207 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Mozilla\Firefox\Profiles\arhq8zbo.default\searchplugins\aim-search.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Mozilla\Firefox\Profiles\arhq8zbo.default\searchplugins\MySpace.xml
[2012/03/18 03:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/06 02:25:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SAINT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARHQ8ZBO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/11 03:45:47 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\SAINT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARHQ8ZBO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/04/26 00:48:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/02/21 19:06:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/24 21:44:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/13 04:38:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/17 14:13:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = R:\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
O8 - Extra context menu item: Capture Web Page - C:\Users\SainT\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\SainT\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10AA17A2-D126-48AA-83FE-D0C879DD6E86}: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E482E967-79EE-4338-AA1B-3C5E2C2B8CF3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Value error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\SainT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\SainT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 15:48:00 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 15:26:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/17 15:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/17 15:09:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\SainT\Desktop\erunt-setup.exe
[2012/05/17 13:54:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\SainT\Desktop\aswMBR.exe
[2012/05/16 18:50:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
[2012/05/16 13:08:19 | 002,322,184 | ---- | C] (ESET) -- C:\Users\SainT\Desktop\esetsmartinstaller_enu.exe
[2012/05/12 13:27:40 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/12 13:27:40 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/12 13:27:40 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/12 13:27:39 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/12 13:27:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/12 13:27:33 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/12 13:27:33 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/12 13:27:33 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 23:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/06 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2012/05/06 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\AVG2012
[2012/05/06 16:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/05/06 16:25:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/05/06 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/06 16:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/06 02:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/05/06 02:49:58 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\uTorrent
[2012/05/05 04:01:04 | 004,140,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/05/03 12:51:43 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\CRE
[2012/04/30 19:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/04/30 19:16:18 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2012/04/30 19:16:05 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Systweak
[2012/04/26 12:18:40 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2012/04/26 12:18:36 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Google
[2012/04/26 00:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/26 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/23 22:31:16 | 000,000,000 | ---D | C] -- C:\Users\SainT\Documents\ArcSoft TotalMedia ShowBiz
[2012/04/22 18:13:20 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\ArcSoft
[2012/04/22 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/04/22 18:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/04/18 02:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/18 02:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/04/18 02:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/18 02:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/17 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\BBSAK
[2011/12/03 19:09:43 | 005,811,712 | ---- | C] (reFX) -- C:\Program Files\Nexus.dll
[2010/11/20 02:08:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\SainT\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/05/17 15:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E19E73CE-0F1C-4E23-A916-63BE87006EDB}.job
[2012/05/17 15:44:05 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/17 15:44:05 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/17 15:38:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 15:38:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 15:37:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/17 15:37:51 | 3085,492,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 15:13:09 | 000,000,616 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/17 15:12:53 | 000,000,472 | ---- | M] () -- C:\Users\SainT\Desktop\NTREGOPT.lnk
[2012/05/17 15:12:53 | 000,000,459 | ---- | M] () -- C:\Users\SainT\Desktop\ERUNT.lnk
[2012/05/17 15:09:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\SainT\Desktop\erunt-setup.exe
[2012/05/17 15:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/17 14:04:54 | 000,000,512 | ---- | M] () -- C:\Users\SainT\Desktop\MBR.dat
[2012/05/17 13:54:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\SainT\Desktop\aswMBR.exe
[2012/05/17 05:17:05 | 098,466,176 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/17 01:16:38 | 000,625,471 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/16 18:50:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
[2012/05/16 17:16:30 | 000,151,996 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/16 13:08:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\SainT\Desktop\esetsmartinstaller_enu.exe
[2012/05/14 18:15:20 | 000,016,784 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\wklnhst.dat
[2012/05/14 17:49:02 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSainT.job
[2012/05/13 14:22:48 | 003,647,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/06 16:45:17 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/06 02:50:40 | 000,000,738 | ---- | M] () -- C:\Users\SainT\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/05 04:01:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/05 04:01:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/05 04:01:05 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/04/27 14:50:55 | 000,121,848 | ---- | M] () -- C:\Users\SainT\Documents\cc_20120427_145047.reg
[2012/04/27 14:45:38 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/23 00:11:35 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 13:17:04 | 000,053,723 | ---- | M] () -- C:\Windows\System32\.exe
[2012/04/18 02:14:15 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/17 21:30:24 | 000,001,940 | ---- | M] () -- C:\Users\SainT\Desktop\BBSAK.lnk

========== Files Created - No Company Name ==========

[2012/05/17 15:13:09 | 000,000,616 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/17 15:12:53 | 000,000,472 | ---- | C] () -- C:\Users\SainT\Desktop\NTREGOPT.lnk
[2012/05/17 15:12:53 | 000,000,459 | ---- | C] () -- C:\Users\SainT\Desktop\ERUNT.lnk
[2012/05/17 14:04:54 | 000,000,512 | ---- | C] () -- C:\Users\SainT\Desktop\MBR.dat
[2012/05/17 05:17:05 | 098,466,176 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/17 01:16:38 | 000,625,471 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/16 17:16:30 | 000,151,996 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/16 16:08:06 | 3085,492,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/06 16:56:26 | 000,000,397 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-RackS 3.lnk
[2012/05/06 16:26:16 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/06 02:50:40 | 000,000,738 | ---- | C] () -- C:\Users\SainT\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/27 14:50:51 | 000,121,848 | ---- | C] () -- C:\Users\SainT\Documents\cc_20120427_145047.reg
[2012/04/22 13:17:04 | 000,053,723 | ---- | C] () -- C:\Windows\System32\.exe
[2012/04/18 02:14:15 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/18 02:12:41 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/17 21:30:24 | 000,001,940 | ---- | C] () -- C:\Users\SainT\Desktop\BBSAK.lnk
[2011/07/19 20:04:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2011/07/11 13:58:07 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/07/11 13:58:07 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/07/11 13:58:07 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/07/11 13:58:06 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/07/11 13:58:06 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/07/11 02:10:35 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011/04/02 02:37:01 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/02 02:36:58 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/03/25 05:00:02 | 000,877,056 | ---- | C] () -- C:\Windows\System32\.dll
[2010/11/20 02:08:07 | 000,007,887 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\pcouffin.cat
[2010/11/20 02:08:07 | 000,001,144 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\pcouffin.inf
[2010/11/18 19:59:35 | 000,001,057 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\vso_ts_preview.xml
[2010/09/23 00:11:17 | 000,000,000 | ---- | C] () -- C:\Users\SainT\AppData\Local\prvlcl.dat
[2010/07/24 00:38:22 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/21 16:21:42 | 000,000,048 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/06/21 16:21:42 | 000,000,048 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/06/19 01:54:23 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:88050731

< End of report >
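The two entries AVG and ESET complained about stand out in the log above for a reason a script can check: they are named only by their extension (C:\Windows\System32\.dll and C:\Windows\System32\.exe) and OTL prints an empty company name "()" for them. The following Python triage script is an added example, not part of this thread or of OTL: it parses OTL file-list lines (the "[date | size | attrs | M/C] (Company) -- path" form, with or without a PRC - / MOD - prefix) and flags such entries; the heuristics, the 1024-byte "too small to be a PE file" threshold and the choice of sample lines copied from the log above are the editor's assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL file-list line, e.g. (copied from the log above):
# [2011/03/25 05:00:02 | 000,877,056 | ---- | C] () -- C:\Windows\System32\.dll
# The optional "PRC - " / "MOD - " prefix covers the Processes and Modules sections.
OTL_LINE = re.compile(
    r"^(?:[A-Z]{3} - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

SYSTEM_DIR = "c:\\windows\\"
PE_EXTENSIONS = ("exe", "dll", "sys")
MIN_PLAUSIBLE_PE_SIZE = 1024  # assumption: no real PE file is this small


@dataclass
class OtlEntry:
    stamp: str    # modification (M) or creation (C) time as OTL printed it
    size: int     # bytes, with OTL's thousands separators removed
    attrs: str    # attribute flags, e.g. "-HS-" for hidden+system
    kind: str     # "M" = Files Modified section, "C" = Files Created section
    company: str  # version-info company name; empty when OTL printed "()"
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for lines in any other format."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def suspicious_reasons(entry: OtlEntry) -> List[str]:
    """Return the triage reasons that apply to an entry (empty list = nothing odd)."""
    reasons: List[str] = []
    name = entry.path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower()
    in_system_dir = entry.path.lower().startswith(SYSTEM_DIR)
    if dot and stem == "":
        # Named only by its extension (".dll", ".exe"): no legitimate
        # Windows component is installed under such a name.
        reasons.append("extension-only filename")
    if in_system_dir and ext in PE_EXTENSIONS and not entry.company:
        # Genuine OS and vendor binaries under C:\Windows carry a company name.
        reasons.append("no company name in a system directory")
    if in_system_dir and ext in PE_EXTENSIONS and entry.size < MIN_PLAUSIBLE_PE_SIZE:
        reasons.append("implausibly small for a PE file")
    return reasons


def triage(log_lines) -> List[Tuple[str, List[str]]]:
    """Parse every line and return (path, reasons) for entries worth a closer look."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in log_lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = suspicious_reasons(entry)
            if reasons:
                flagged.append((entry.path, reasons))
    return flagged


# A handful of lines selected from the OTL log posted above.
SAMPLE_LOG = r"""
[2012/04/22 13:17:04 | 000,053,723 | ---- | C] () -- C:\Windows\System32\.exe
[2011/03/25 05:00:02 | 000,877,056 | ---- | C] () -- C:\Windows\System32\.dll
[2011/07/19 20:04:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010/06/21 16:21:42 | 000,000,048 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/04/23 00:11:35 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 04:01:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/16 16:08:06 | 3085,492,224 | -HS- | C] () -- C:\hiberfil.sys
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```

Flagged entries are candidates for a VirusTotal check or a hash lookup, not proof of infection: a 48-byte "msvcsv60.dll" is not a valid PE either way, but an unsigned third-party codec DLL in System32 can be perfectly legitimate.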

#6 jeffce - Trusted Helper (Malware Removal, MVP, 216 posts)
Hi,

Good job running OTL. :) Let's get some information on that file so we can be sure it's not a false positive before we remove it.

I need some information on some unidentified files. We will use VirusTotal. Please submit these files for analysis.

To submit a file to VirusTotal, please click VirusTotal.

Copy and paste the following into the "upload a file" box (one at a time if more than one file is listed):

C:\Windows\System32\.dll

Scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample it belongs to.
----------

#7 AnimeFanatic - Member, Topic Starter (15 posts)
The VirusTotal word isn't clickable Jeff

#8 jeffce - Trusted Helper (Malware Removal, MVP, 216 posts)
Sorry...try this..

VirusTotal

#9 AnimeFanatic - Member, Topic Starter (15 posts)
I can only browse to find a file I want to scan; it won't allow me to paste anything into the "upload a file" box.

#10 jeffce - Trusted Helper (Malware Removal, MVP, 216 posts)
That is fine.

#11 AnimeFanatic - Member, Topic Starter (15 posts)
Jeff, I tried to upload the file and I could not. Got a message saying ".dll You don't have permission to open this file. Contact the file owner or an administrator to obtain permission."

I have administrator rights on this computer so that's a weird message.

#12 jeffce - Trusted Helper (Malware Removal, MVP, 216 posts)
Hi,

Ok...let's do the following...

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.


  • Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)

#13 AnimeFanatic - Member, Topic Starter (15 posts)
Sorry for the delay Jeff, ESET took forever lol. Here are the Malwarebytes and ESET logs you asked for:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.17.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SainT :: HOME-PC [administrator]

5/17/2012 8:05:29 PM
mbam-log-2012-05-17 (20-05-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229650
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Program Files\WildGames\Wedding Salon\WeddingSalon.exe a variant of Win32/Kryptik.BCY trojan
C:\Windows\System32\.dll a variant of Win32/Adware.GooochiBiz.AN application
C:\Windows\System32\.exe Win32/Adware.RON.FSV application

#14 jeffce - Trusted Helper (Malware Removal, MVP, 216 posts)
Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Files
    C:\Program Files\WildGames\Wedding Salon\WeddingSalon.exe
    C:\Windows\System32\.dll
    C:\Windows\System32\.exe
    ipconfig/ flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [clearallrestorepoints]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

In your next reply please post the logs made by OTL and let me know how your system is running now. :)

#15 AnimeFanatic - Member, Topic Starter (15 posts)
Hi Jeff, my computer is running the same as it always was...it was basically fine except for AVG notifying me every few hours about that C:\Windows\System32\.dll virus...also, whenever I start my computer and log on to my account I get this message saying Sub Spooler App failed to work. Have no idea what that is but the computer runs fine so I'm guessing it's nothing severe. Here are both OTL logs you asked for:


All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Program Files\WildGames\Wedding Salon\WeddingSalon.exe moved successfully.
C:\Windows\System32\.dll moved successfully.
C:\Windows\System32\.exe moved successfully.
< ipconfig/ flushdns /c >
Error: unrecognized or incomplete command line.
USAGE:
ipconfig [/allcompartments] [/? | /all |
/renew [adapter] | /release [adapter] |
/renew6 [adapter] | /release6 [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/allcompartments Display information for all compartments.
/release Release the IPv4 address for the specified adapter.
/release6 Release the IPv6 address for the specified adapter.
/renew Renew the IPv4 address for the specified adapter.
/renew6 Renew the IPv6 address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig ... Show information
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
> ipconfig /allcompartments ... Show information about all
compartments
> ipconfig /allcompartments /all ... Show detailed information about all
compartments
C:\Users\SainT\Desktop\cmd.bat deleted successfully.
C:\Users\SainT\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: SainT
->Temp folder emptied: 89211 bytes
->Temporary Internet Files folder emptied: 101033 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50449013 bytes
->Flash cache emptied: 2390 bytes

User: Uno
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4544 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05182012_103059

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




OTL logfile created on: 5/18/2012 10:40:41 AM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\SainT\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 63.07% Memory free
5.96 Gb Paging File | 4.81 Gb Available in Paging File | 80.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.62 Gb Total Space | 92.58 Gb Free Space | 40.85% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.59 Gb Free Space | 9.39% Space Free | Partition Type: NTFS
Drive R: | 698.63 Gb Total Space | 264.46 Gb Free Space | 37.85% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: SainT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 18:50:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/25 20:27:44 | 000,733,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011/04/22 18:26:18 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2010/09/16 11:00:00 | 003,622,912 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/12/18 15:18:56 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/22 18:25:28 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2012/05/05 04:01:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/26 00:48:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 11:00:00 | 003,622,912 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/05/21 21:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/19 18:52:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/26 10:24:08 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | System | Stopped] -- -- (Aspi32)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 10:27:32 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/04/22 18:26:12 | 000,037,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/04/22 18:26:10 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011/04/22 18:26:08 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/04/22 18:26:06 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/04/22 18:26:04 | 000,188,808 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eudisk.sys -- (EUDISK)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/09 17:13:23 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/11 00:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0352FAEF-A60D-4814-A7F3-87FAAFB169C3}
IE - HKCU\..\SearchScopes\{0352FAEF-A60D-4814-A7F3-87FAAFB169C3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "aol.com"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\SainT\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@megamedia/Megakey: C:\Users\SainT\AppData\Local\Megamedia\Megakey\npMegaPlugin.dll (Megamedia Ltd.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\SainT\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/06 16:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 00:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 02:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}: C:\Users\SainT\AppData\Local\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB} [2011/05/08 03:09:34 | 000,000,000 | ---D | M]

[2010/06/28 14:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Extensions
[2010/06/28 14:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/05/17 10:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions
[2012/04/25 01:02:59 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/11 23:19:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/17 10:12:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/30 15:45:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/12 16:59:32 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/04/30 02:49:20 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\SainT\AppData\Roaming\mozilla\Firefox\Profiles\arhq8zbo.default\extensions\[email protected]
[2009/06/13 15:47:38 | 000,004,207 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Mozilla\Firefox\Profiles\arhq8zbo.default\searchplugins\aim-search.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Mozilla\Firefox\Profiles\arhq8zbo.default\searchplugins\MySpace.xml
[2012/03/18 03:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/06 02:25:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SAINT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARHQ8ZBO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/11 03:45:47 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\SAINT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ARHQ8ZBO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/04/26 00:48:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/02/21 19:06:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/24 21:44:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/13 04:38:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/18 10:31:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = R:\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
O8 - Extra context menu item: Capture Web Page - C:\Users\SainT\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\SainT\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10AA17A2-D126-48AA-83FE-D0C879DD6E86}: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E482E967-79EE-4338-AA1B-3C5E2C2B8CF3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Value error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\SainT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\SainT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 15:48:00 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 15:26:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/17 15:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/17 15:09:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\SainT\Desktop\erunt-setup.exe
[2012/05/17 13:54:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\SainT\Desktop\aswMBR.exe
[2012/05/16 18:50:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
[2012/05/16 13:08:19 | 002,322,184 | ---- | C] (ESET) -- C:\Users\SainT\Desktop\esetsmartinstaller_enu.exe
[2012/05/12 13:27:40 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/12 13:27:40 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/12 13:27:40 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/12 13:27:39 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/12 13:27:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/12 13:27:33 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/12 13:27:33 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/12 13:27:33 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 23:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/06 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2012/05/06 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\AVG2012
[2012/05/06 16:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/05/06 16:25:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/05/06 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/06 16:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/06 02:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/05/06 02:49:58 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\uTorrent
[2012/05/05 04:01:04 | 004,140,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/05/03 12:51:43 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\CRE
[2012/04/30 19:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/04/30 19:16:18 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2012/04/30 19:16:05 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Systweak
[2012/04/26 12:18:40 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2012/04/26 12:18:36 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Roaming\Google
[2012/04/26 00:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/26 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/23 22:31:16 | 000,000,000 | ---D | C] -- C:\Users\SainT\Documents\ArcSoft TotalMedia ShowBiz
[2012/04/22 18:13:20 | 000,000,000 | ---D | C] -- C:\Users\SainT\AppData\Local\ArcSoft
[2012/04/22 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/04/22 18:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2011/12/03 19:09:43 | 005,811,712 | ---- | C] (reFX) -- C:\Program Files\Nexus.dll
[2010/11/20 02:08:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\SainT\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/05/18 10:40:08 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/18 10:40:08 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/18 10:39:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E19E73CE-0F1C-4E23-A916-63BE87006EDB}.job
[2012/05/18 10:34:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 10:34:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 10:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 10:34:08 | 3085,492,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 10:31:01 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/05/18 10:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 05:17:11 | 098,543,313 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/18 01:16:42 | 000,152,029 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/17 15:13:09 | 000,000,616 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/17 15:12:53 | 000,000,472 | ---- | M] () -- C:\Users\SainT\Desktop\NTREGOPT.lnk
[2012/05/17 15:12:53 | 000,000,459 | ---- | M] () -- C:\Users\SainT\Desktop\ERUNT.lnk
[2012/05/17 15:09:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\SainT\Desktop\erunt-setup.exe
[2012/05/17 14:04:54 | 000,000,512 | ---- | M] () -- C:\Users\SainT\Desktop\MBR.dat
[2012/05/17 13:54:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\SainT\Desktop\aswMBR.exe
[2012/05/17 01:16:38 | 000,625,471 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/16 18:50:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SainT\Desktop\OTL.exe
[2012/05/16 13:08:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\SainT\Desktop\esetsmartinstaller_enu.exe
[2012/05/14 18:15:20 | 000,016,784 | ---- | M] () -- C:\Users\SainT\AppData\Roaming\wklnhst.dat
[2012/05/14 17:49:02 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSainT.job
[2012/05/13 14:22:48 | 003,647,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/06 16:45:17 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/06 02:50:40 | 000,000,738 | ---- | M] () -- C:\Users\SainT\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/05 04:01:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/05 04:01:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/05 04:01:05 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/04/27 14:50:55 | 000,121,848 | ---- | M] () -- C:\Users\SainT\Documents\cc_20120427_145047.reg
[2012/04/27 14:45:38 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/23 00:11:35 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/05/18 05:17:11 | 098,543,313 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/18 01:16:42 | 000,152,029 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/17 15:13:09 | 000,000,616 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/17 15:12:53 | 000,000,472 | ---- | C] () -- C:\Users\SainT\Desktop\NTREGOPT.lnk
[2012/05/17 15:12:53 | 000,000,459 | ---- | C] () -- C:\Users\SainT\Desktop\ERUNT.lnk
[2012/05/17 14:04:54 | 000,000,512 | ---- | C] () -- C:\Users\SainT\Desktop\MBR.dat
[2012/05/17 01:16:38 | 000,625,471 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/16 16:08:06 | 3085,492,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/06 16:56:26 | 000,000,397 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-RackS 3.lnk
[2012/05/06 16:26:16 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/06 02:50:40 | 000,000,738 | ---- | C] () -- C:\Users\SainT\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/27 14:50:51 | 000,121,848 | ---- | C] () -- C:\Users\SainT\Documents\cc_20120427_145047.reg
[2011/07/19 20:04:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2011/07/11 13:58:07 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/07/11 13:58:07 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/07/11 13:58:07 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/07/11 13:58:06 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/07/11 13:58:06 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/07/11 02:10:35 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011/04/02 02:37:01 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/02 02:36:58 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2010/11/20 02:08:07 | 000,007,887 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\pcouffin.cat
[2010/11/20 02:08:07 | 000,001,144 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\pcouffin.inf
[2010/11/18 19:59:35 | 000,001,057 | ---- | C] () -- C:\Users\SainT\AppData\Roaming\vso_ts_preview.xml
[2010/09/23 00:11:17 | 000,000,000 | ---- | C] () -- C:\Users\SainT\AppData\Local\prvlcl.dat
[2010/07/24 00:38:22 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/21 16:21:42 | 000,000,048 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/06/21 16:21:42 | 000,000,048 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/06/19 01:54:23 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:88050731

< End of report >
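The OTL sections above (O1 HOSTS, O4 autoruns, O10 Winsock LSPs, O20 Winlogon, the Alternate Data Streams block) are exactly the lines a helper reads first when triaging such a log. The following is an added example, not part of the poster's log or of the OTL tool: a small Python triage pass over lines in OTL's formats. The sample lines are constructed for the example, modelled on the formats shown in the log, and the rules (LSP DLL outside System32, Winlogon Shell/UserInit pointing away from the Windows binaries, a HOSTS entry other than the loopback mapping, an alternate data stream, an autorun through a command host, with no company information, or from a user-writable path) are my own heuristics, not OTL's verdicts.

```python
"""Triage rules for an OTL (OldTimer's OTL) log.

Added example, not part of the forum post and not code from OTL itself:
it scans log lines in the format shown above and flags the entries a
malware analyst would read first. The sample lines are constructed for
this example, modelled on the line formats in the log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in OTL's line formats (not the poster's full log).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:88050731
"""

# First drive-letter path ending in a binary extension; OTL prints the
# resolved image path before the trailing "(Company)" suffix.
PATH_RE = re.compile(r"[A-Za-z]:\\[^()\n]*?\.(?:exe|dll|sys|cpl|bat|cab)\b", re.I)
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")          # trailing "(Company)" or "()"
HOSTS_RE = re.compile(r"O1 - Hosts:\s+(\S+)\s+(\S+)")
WINLOGON_RE = re.compile(r"O20 - HKLM Winlogon: (Shell|UserInit) - \(([^)]*)\) - (.*?) \([^()]*\)$")

# Only these resolved images are legitimate for the two Winlogon values.
EXPECTED_WINLOGON = {
    "shell": "c:\\windows\\explorer.exe",
    "userinit": "c:\\windows\\system32\\userinit.exe",
}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\")
# Script/command hosts: OTL shows only the image, not the arguments that
# decide what actually runs, so these always deserve a look at the registry.
COMMAND_HOSTS = {"cmd.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe",
                 "cscript.exe", "mshta.exe", "powershell.exe"}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    section: str    # OTL section tag such as "O10", or "ADS"
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Apply the triage rules to every line and return the flagged ones."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" ", 1)[0]
        lower = line.lower()
        path_m = PATH_RE.search(line)
        path = path_m.group(0).lower() if path_m else ""
        company_m = COMPANY_RE.search(line)
        company = company_m.group(1).strip() if company_m else ""

        if line.startswith("@Alternate Data Stream"):
            findings.append(Finding("medium", "ADS", "alternate data stream; inspect its contents before deleting", line))
        elif tag == "O1":
            m = HOSTS_RE.match(line)
            if m and not (m.group(2).lower() == "localhost" and m.group(1) in ("127.0.0.1", "::1")):
                findings.append(Finding("high", tag, "HOSTS entry other than the loopback localhost mapping", line))
        elif lower.endswith("file not found"):
            # Orphaned registry entry: harmless on its own, but clean it up.
            findings.append(Finding("low", tag, "orphaned entry, referenced file is missing", line))
        elif tag == "O10":
            # A Winsock LSP sees all socket traffic; one outside System32 is
            # almost always adware or worse. Deleting the DLL by hand without
            # repairing the catalog breaks networking, so note it, don't nuke it.
            if not path.startswith("c:\\windows\\system32\\"):
                findings.append(Finding("high", tag, "Winsock LSP loaded from outside System32", line))
        elif tag == "O20":
            m = WINLOGON_RE.match(line)
            if m and m.group(3).lower() != EXPECTED_WINLOGON[m.group(1).lower()]:
                findings.append(Finding("high", tag, "Winlogon %s points away from the Windows binary" % m.group(1), line))
        elif tag == "O4":
            image = path.rsplit("\\", 1)[-1]
            if not company:
                findings.append(Finding("medium", tag, "autorun with no company/version information", line))
            elif image in COMMAND_HOSTS:
                findings.append(Finding("medium", tag, "autorun through %s; read the registry value for its arguments" % image, line))
            elif any(d in path for d in USER_WRITABLE):
                findings.append(Finding("medium", tag, "autorun from a user-writable location", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 2, 'medium': 3, 'low': 1}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print("[%-6s] %-4s %s\n         %s" % (f.severity, f.section, f.reason, f.line))
    print(summarize(triage(SAMPLE_LOG)))
```

On the constructed sample the two O10 entries come out as the only high-severity findings, which matches how a helper reads the real log: the LSP is the item that needs a proper fix script rather than a manual delete, while the "File not found" leftovers are cleanup only. The rules are deliberately conservative; a path outside System32 or a missing company name is a reason to look, not a verdict.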