Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan/redirect malware?

Started by airjohnny , Nov 09 2010 04:35 PM

  • Please log in to reply

#1
airjohnny
Posted 09 November 2010 - 04:35 PM

airjohnny

    New Member

  • Member
  • Pip
  • 1 posts
I have acquired a Trojan that AVG is calling Win32/Patched.
So I downloaded the free Avire Anti-Virus software and calling it TR/Crypt.XPACK.Gen2

It seems to be attatched to "windows.explorer.exe" and "Windows\System32\wininit.exe"
Browsing websites some say to remove the wininit, others say it's too valuable to. Either way my antivirus softwars won't stop poppung up because of this.

Also being redirected from search engines, assuming it's all linked.
Couldn't tell you how I got it as I seriously have no idea.

So I guess I wanna know, is it possible to repair this problem; and how would I do this?

OTL logfile created on: 09/11/2010 22:03:19 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Johnny\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 27.11 Gb Free Space | 24.30% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 54.56 Gb Free Space | 48.91% Space Free | Partition Type: NTFS

Computer Name: JOHNNYS-LAPTOP | User Name: Johnny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 22:01:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny\Downloads\OTL.exe
PRC - [2010/10/29 00:59:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/20 19:45:26 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:56 | 000,434,344 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/07/04 09:49:16 | 000,398,568 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/07/04 09:49:14 | 000,075,496 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/04/21 04:42:35 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Johnny\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] () -- C:\Windows\explorer.exe
PRC - [2008/09/10 22:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/16 23:31:32 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/13 21:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 18:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 01:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 01:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/04/07 05:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/07 05:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 10:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/28 21:47:46 | 000,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtcmd.exe
PRC - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 20:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/21 02:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2008/01/21 02:23:42 | 000,096,768 | ---- | M] () -- C:\Windows\System32\wininit.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/23 18:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 22:01:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny\Downloads\OTL.exe
MOD - [2008/06/11 18:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/03/28 21:47:54 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprthook.dll
MOD - [2008/01/21 02:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/04 09:49:14 | 000,075,496 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/06/08 17:25:00 | 003,046,748 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/06 04:42:11 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/05/15 01:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/04/07 05:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 10:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 20:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/07/27 04:39:32 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/04 09:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/09/12 08:24:32 | 000,036,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/12 21:33:38 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/07/11 18:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/14 01:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/15 01:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/05/15 01:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/05/15 01:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/04/28 14:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/03/21 17:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/22 14:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 14:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 14:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008/02/21 09:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/31 01:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/31 01:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 02:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/21 02:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/25 15:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2006/11/03 05:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...8&m=aspire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...8&m=aspire_5735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...8&m=aspire_5735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...m/home?AF=14542
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {61511f82-5694-4c77-a030-874128bfa3bf}:1
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/06 16:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions [2010/10/23 17:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/03 16:14:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/11/03 16:17:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 16:19:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 00:59:41 | 000,000,000 | ---D | M]

[2009/07/27 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Mozilla\Extensions
[2009/07/27 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/09 10:25:48 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions
[2010/09/04 18:58:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/19 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\{61511f82-5694-4c77-a030-874128bfa3bf}
[2010/08/13 16:46:56 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/11/01 01:07:56 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/06/16 17:36:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}(48)
[2010/11/09 10:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/10 15:02:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/13 16:48:02 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\[email protected]
[2010/08/01 02:16:41 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ved73574.default\extensions\[email protected]
[2010/11/09 10:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 20:39:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/21 11:20:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/28 22:48:38 | 000,087,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/19 21:11:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/13 16:46:51 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/02/19 21:11:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/19 21:11:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/28 16:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchFxt.xml
[2010/02/19 21:11:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/10/06 16:12:09 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{6A4A5CBF-01CD-82F5-BBA9-207B77BD5137}] C:\Users\Johnny\AppData\Roaming\Sozie\noycn.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - Startup: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe ()
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - Userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 21:23:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/09 21:23:22 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/09 21:23:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/09 21:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/09 21:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/09 21:10:38 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/11/09 10:25:49 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\QuickScan
[2010/11/07 16:36:11 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/07 16:35:05 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Toifog
[2010/11/07 16:35:05 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Sozie
[2010/11/04 01:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/11/04 01:26:30 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\TuneUpMedia
[2010/11/04 01:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/11/04 01:25:29 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\OpenCandy
[2010/11/04 01:25:26 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\OpenCandy
[2010/11/03 16:21:03 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\AVG Security Toolbar
[2010/11/03 16:20:21 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\AVG10
[2010/11/03 16:18:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/03 16:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/11/03 16:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/03 16:13:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/01 09:48:45 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/01 09:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/23 17:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickPotatoLiteSA
[2010/10/23 17:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2010/10/23 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\ClickPotatoLite
[2010/10/23 17:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\ClickPotatoLite
[2010/10/23 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\cache
[2010/10/21 17:15:52 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/10/21 17:15:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Registry Patrol
[2010/10/21 17:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Patrol
[2010/10/14 14:49:02 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/10/14 14:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2008/12/09 00:16:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Johnny\Documents\*.tmp files -> C:\Users\Johnny\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 21:54:55 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/09 21:54:54 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 21:49:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/11/09 21:48:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/09 21:48:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 21:48:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 21:48:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/09 21:33:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/09 21:23:38 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/09 21:22:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1690204424-886918587-3077181610-1000UA.job
[2010/11/09 21:10:27 | 000,000,036 | ---- | M] () -- C:\Users\Johnny\AppData\Local\housecall.guid.cache
[2010/11/09 19:54:11 | 098,819,235 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/09 02:22:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1690204424-886918587-3077181610-1000Core.job
[2010/11/05 21:16:52 | 000,225,280 | ---- | M] () -- C:\Users\Johnny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 20:51:03 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/11/04 01:26:59 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/10/28 23:04:16 | 000,010,559 | ---- | M] () -- C:\Users\Johnny\Documents\Needlist.docx
[2010/10/28 22:57:20 | 000,012,191 | ---- | M] () -- C:\Users\Johnny\Documents\Rota.xlsx
[2010/10/28 12:46:51 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010/10/28 12:46:50 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010/10/28 12:46:50 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010/10/27 02:53:49 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/16 01:12:37 | 000,002,702 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/10/15 20:01:58 | 000,000,797 | ---- | M] () -- C:\Users\Johnny\Desktop\Game - Shortcut (2).lnk
[2010/10/14 20:47:45 | 000,035,831 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010/10/14 14:49:02 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/10/14 14:49:02 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[1 C:\Users\Johnny\Documents\*.tmp files -> C:\Users\Johnny\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 21:23:38 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/09 21:10:27 | 000,000,036 | ---- | C] () -- C:\Users\Johnny\AppData\Local\housecall.guid.cache
[2010/11/09 19:54:11 | 098,819,235 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/04 01:26:59 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/10/15 20:01:47 | 000,000,797 | ---- | C] () -- C:\Users\Johnny\Desktop\Game - Shortcut (2).lnk
[2010/10/14 14:49:05 | 000,035,831 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/10/14 14:49:02 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2010/10/11 16:47:17 | 000,010,559 | ---- | C] () -- C:\Users\Johnny\Documents\Needlist.docx
[2010/09/18 16:46:55 | 000,002,702 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/09/03 16:56:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/09/03 16:56:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/09/03 16:56:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/07/09 07:58:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/31 13:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 13:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/06/05 17:31:51 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/29 17:08:53 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/05/29 14:37:25 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/29 13:51:49 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/04/29 13:51:49 | 000,036,512 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/04/26 02:07:34 | 000,006,648 | ---- | C] () -- C:\Users\Johnny\AppData\Local\d3d9caps.dat
[2009/04/21 05:19:37 | 000,225,280 | ---- | C] () -- C:\Users\Johnny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/09 00:01:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/12/08 23:33:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/12/08 23:31:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/12/08 23:31:25 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/08 23:29:58 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/04/30 09:56:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/30 09:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/30 09:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 08:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 08:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 08:09:01 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/01/25 15:45:02 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/05/07 13:04:12 | 000,000,000 | -HSD | M] -- C:\Users\Johnny\AppData\Roaming\.#
[2010/11/03 16:20:21 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\AVG10
[2010/10/23 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\ClickPotatoLite
[2009/05/29 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\eSobi
[2009/04/28 12:34:04 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\iWin
[2010/11/09 10:08:50 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\LimeWire
[2010/11/04 01:25:26 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\OpenCandy
[2010/11/09 19:55:47 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\QuickScan
[2010/03/19 00:06:19 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Samsung
[2010/11/09 10:28:01 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Sozie
[2010/11/07 17:38:14 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Toifog
[2010/03/09 12:14:40 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\TS3Client
[2010/11/04 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\TuneUpMedia
[2010/11/09 21:46:53 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E36F5B57

< End of report >
  • 0

Advertisements

#2
Rorschach112
Posted 16 November 2010 - 02:58 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP