Operating Memory Win32/Olmarik Trojan


  • This topic is locked

#1
J1gsaw

    New Member

  • 9 posts
Hello! After countless hours of trying to cleanse myself of this beast and many annoying popups from NOD32, I have decided to give it up and leave it to the techsperts :).
Current problems I'm experiencing (just to note how far the trojan has developed):
  • Constant redirection of webpages (I have to use Google cache most of the time to connect to a site without redirection). Most of the time this redirects to a random search engine page, which I believe to be malicious. At the more harmful times it redirects to a page called "windows security alerts" which, without approval, attempts to download other software onto my computer. To avoid this I usually have to open Task Manager and close the Firefox process 2-3 times (as Firefox will constantly try to open up the page again).
  • Constant additional webpages being opened
A quick reply would be greatly appreciated. Included in this post will be the log files from
  • MalwareBytes
  • RootRepeal
  • OTL
Please refer to the attached items. Thanks -Jigsaw

Edited by J1gsaw, 08 May 2011 - 12:30 AM.

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#3
J1gsaw

Hi, thanks for the speedy reply. That seems to have done it as NOD32 doesn't detect it anymore and a second scan came up clean.


#4
ali.B

Would you mind posting the logs instead of attaching them?

It is not easy to read the logs from Notepad; please post the TDSSKiller log.

#5
J1gsaw

Sorry, here you go.

2011/05/08 17:11:31.0859 3836 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 17:11:32.0656 3836 ================================================================================
2011/05/08 17:11:32.0656 3836 SystemInfo:
2011/05/08 17:11:32.0656 3836
2011/05/08 17:11:32.0656 3836 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/08 17:11:32.0656 3836 Product type: Workstation
2011/05/08 17:11:32.0656 3836 ComputerName: JIGSAW
2011/05/08 17:11:32.0656 3836 UserName: -Jigsaw-
2011/05/08 17:11:32.0656 3836 Windows directory: C:\WINDOWS
2011/05/08 17:11:32.0656 3836 System windows directory: C:\WINDOWS
2011/05/08 17:11:32.0656 3836 Processor architecture: Intel x86
2011/05/08 17:11:32.0656 3836 Number of processors: 2
2011/05/08 17:11:32.0656 3836 Page size: 0x1000
2011/05/08 17:11:32.0656 3836 Boot type: Normal boot
2011/05/08 17:11:32.0656 3836 ================================================================================
2011/05/08 17:11:32.0812 3836 Initialize success
2011/05/08 17:11:44.0218 2368 ================================================================================
2011/05/08 17:11:44.0218 2368 Scan started
2011/05/08 17:11:44.0218 2368 Mode: Manual;
2011/05/08 17:11:44.0218 2368 ================================================================================
2011/05/08 17:11:47.0109 2368 PCIIde (d18b0b815a03231fb8c6819486a3e1a7) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/08 17:11:47.0109 2368 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: d18b0b815a03231fb8c6819486a3e1a7, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
2011/05/08 17:11:47.0109 2368 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/08 17:11:47.0609 2368 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/08 17:11:47.0609 2368 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/08 17:11:47.0609 2368 sptd - detected LockedFile.Multi.Generic (1)
2011/05/08 17:11:48.0390 2368 ================================================================================
2011/05/08 17:11:48.0390 2368 Scan finished
2011/05/08 17:11:48.0390 2368 ================================================================================
2011/05/08 17:11:48.0390 4076 Detected object count: 2
2011/05/08 17:12:11.0234 4076 PCIIde (d18b0b815a03231fb8c6819486a3e1a7) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/08 17:12:11.0234 4076 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: d18b0b815a03231fb8c6819486a3e1a7, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
2011/05/08 17:12:11.0718 4076 Backup copy found, using it..
2011/05/08 17:12:11.0765 4076 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured after reboot
2011/05/08 17:12:11.0765 4076 Rootkit.Win32.TDSS.tdl3(PCIIde) - User select action: Cure
2011/05/08 17:12:11.0765 4076 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/08 17:13:27.0640 2500 Deinitialize success
  • 0
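
Added example, not part of the thread and not TDSSKiller's own code: a small Python parser that pulls the detections, the action chosen for each, and any cure still waiting on a reboot out of a report in the format posted above. The regular expressions are inferred only from the lines visible in this log, and the names `parse_report` and `triage` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Detection-related lines copied from the report posted above.
SAMPLE_LOG = r"""
2011/05/08 17:11:47.0109 2368 PCIIde (d18b0b815a03231fb8c6819486a3e1a7) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/08 17:11:47.0109 2368 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: d18b0b815a03231fb8c6819486a3e1a7, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
2011/05/08 17:11:47.0109 2368 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/08 17:11:47.0609 2368 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/08 17:11:47.0609 2368 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/08 17:11:47.0609 2368 sptd - detected LockedFile.Multi.Generic (1)
2011/05/08 17:11:48.0390 4076 Detected object count: 2
2011/05/08 17:12:11.0234 4076 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: d18b0b815a03231fb8c6819486a3e1a7, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
2011/05/08 17:12:11.0718 4076 Backup copy found, using it..
2011/05/08 17:12:11.0765 4076 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured after reboot
2011/05/08 17:12:11.0765 4076 Rootkit.Win32.TDSS.tdl3(PCIIde) - User select action: Cure
2011/05/08 17:12:11.0765 4076 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Every line starts with "<date> <time> <thread id> "; strip it before matching.
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ ?")
SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
    r"|md5: (?P<md5>[0-9a-f]{32}))$")
DETECTED = re.compile(r"^(?P<svc>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<verdict>[^\s(]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$")
REBOOT = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    service: str
    verdict: str
    kind: Optional[str] = None       # e.g. Forged, NoAccess
    path: Optional[str] = None
    real_md5: Optional[str] = None   # "Real md5" (or the only md5 given)
    fake_md5: Optional[str] = None   # "Fake md5", present on Forged entries
    action: Optional[str] = None     # Cure / Skip as chosen by the user
    cure_after_reboot: bool = False


def parse_report(text: str) -> Tuple[List[Finding], Optional[int]]:
    """Return (findings in log order, declared 'Detected object count')."""
    findings = {}
    pending = None   # a "Suspicious file" line belongs to the next "detected" line
    declared = None
    for raw in text.splitlines():
        msg = PREFIX.sub("", raw.strip(), count=1)
        prior, pending = pending, None
        if m := SUSPICIOUS.match(msg):
            pending = m
        elif m := DETECTED.match(msg):
            f = Finding(service=m["svc"], verdict=m["verdict"])
            if prior:
                f.kind, f.path = prior["kind"], prior["path"]
                f.real_md5 = prior["real"] or prior["md5"]
                f.fake_md5 = prior["fake"]
            findings[f.service] = f
        elif m := COUNT.match(msg):
            declared = int(m["n"])
        elif m := REBOOT.match(msg):
            for f in findings.values():
                if f.path and f.path.lower() == m["path"].lower():
                    f.cure_after_reboot = True
        elif m := ACTION.match(msg):
            if m["svc"] in findings:
                findings[m["svc"]].action = m["action"]
    return list(findings.values()), declared


def triage(findings: List[Finding], declared: Optional[int]) -> List[Tuple[str, str]]:
    """One (service, status) pair per finding, plus a note on a count mismatch."""
    notes = []
    if declared is not None and declared != len(findings):
        notes.append(("report", f"declares {declared} objects, parsed {len(findings)}"))
    for f in findings:
        if f.action == "Cure":
            status = "cure pending reboot" if f.cure_after_reboot else "cured"
        elif f.action == "Skip":
            status = "skipped, left in place"
        else:
            status = "no action recorded"
        notes.append((f.service, status))
    return notes


if __name__ == "__main__":
    found, count = parse_report(SAMPLE_LOG)
    for service, status in triage(found, count):
        print(f"{service}: {status}")
```
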

#6
ali.B

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#7
J1gsaw

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6529

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/8/2011 5:34:31 PM
mbam-log-2011-05-08 (17-34-31).txt

Scan type: Quick scan
Objects scanned: 170720
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Eset Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2b0b96c20e917542985b8a3fc1eed728
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-08 09:14:43
# local_time=2011-05-08 07:14:43 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 9708157 9708157 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8199 39157077 100 100 29051 70111469 0 0
# scanned=259421
# found=2
# cleaned=2
# scan_time=5426
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\-Jigsaw-\My Documents\Downloads\Autodesk Maya 2010 X86 Full Pack[h33t][Dave3737]\Autodesk Maya 2010 X86 Full Pack[h33t][Dave3737].exe a variant of Win32/Keygen.BL application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\-Jigsaw-\My Documents\Downloads\Autodesk Maya 2010 X86 Full Pack[h33t][Dave3737]\Maya2010_Win32 setup\Crack\xf-maya2010.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


The computer is running fine now. A second run of Malwarebytes tells me nothing malicious is on here, as does a scan from NOD32. The constant redirection of webpages has also ceased.

#8
ali.B

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply

#9
J1gsaw

OTL logfile created on: 5/9/2011 8:14:40 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\-Jigsaw-\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 9.65 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JIGSAW | User Name: -Jigsaw- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ESLWireAC) -- C:\WINDOWS\system32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (lgmdmdm) -- C:\WINDOWS\system32\drivers\lgmdmdm.sys (MCCI Corporation)
DRV - (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\lgmdmgmt.sys (MCCI Corporation)
DRV - (lgmdobex) -- C:\WINDOWS\system32\drivers\lgmdobex.sys (MCCI Corporation)
DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\WINDOWS\system32\drivers\lgmdbus.sys (MCCI Corporation)
DRV - (lgmdmdfl) -- C:\WINDOWS\system32\drivers\lgmdmdfl.sys (MCCI Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/01 03:10:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 20:28:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 10:43:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/04/09 20:59:19 | 000,000,000 | ---D | M]

[2009/04/09 00:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Extensions
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions
[2009/09/02 16:06:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/11 20:33:31 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(2)
[2010/04/10 02:16:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/29 21:30:06 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\DTToolbar@toolbarnet(2).com
[2009/11/29 21:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\[email protected]
[2010/10/20 13:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\conduit.xml
[2009/04/29 08:07:33 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\daemon-search.xml
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/15 21:53:07 | 000,000,000 | ---D | M] (Burn4Free Toolbar) -- C:\PROGRAM FILES\BURN4FREE TOOLBAR\V3.3.0.3\FIREFOX
[2009/11/16 22:39:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2011/05/08 13:37:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\-Jigsaw-\Start Menu\Programs\Startup\GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 16:46:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 16:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\Desktop\Logs
[2011/05/08 16:16:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 14:49:47 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:35:59 | 000,645,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/05/08 14:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safe Returner
[2011/05/08 14:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011/05/08 14:21:09 | 003,676,946 | ---- | C] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 13:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/08 12:44:43 | 000,000,000 | ---D | C] -- C:\commy
[2011/05/08 12:27:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 12:18:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 12:18:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 12:18:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 12:18:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 12:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 12:17:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\Adobe
[2011/05/01 14:21:34 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/25 00:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\TikGames
[2011/04/25 00:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hasbro
[2011/04/25 00:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hasbro
[2011/04/24 09:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\ESL Match Media
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roadkil.Net
[2011/04/16 17:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dungeon Siege 2
[2011/04/16 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/04/09 15:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\ESL Wire Game Client
[2011/04/09 15:13:33 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011/04/09 15:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESL Wire
[2011/04/09 15:13:27 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys
[2011/04/09 15:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2011/04/09 15:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESL Wire
[2009/11/15 22:54:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.sys
[2009/05/14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 23:45:12 | 000,255,241 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/08 17:16:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/08 17:16:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/08 16:16:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 15:26:55 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:49:52 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:36:06 | 000,645,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:50 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:21:37 | 003,676,946 | ---- | M] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 14:20:33 | 003,314,232 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:37:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/08 13:11:08 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/05/08 11:51:24 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/05/08 11:43:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/08 11:16:39 | 000,018,340 | -HS- | M] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\mncleotu8bxhx2j6rih3pir8
[2011/05/08 11:16:39 | 000,018,340 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mncleotu8bxhx2j6rih3pir8
[2011/05/07 23:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/07 18:09:49 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/26 16:14:58 | 000,053,688 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/24 09:56:16 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ESL Wire.lnk
[2011/04/23 17:32:14 | 000,155,836 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:05 | 000,197,354 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:15 | 000,298,989 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/18 12:10:56 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011/04/17 01:06:48 | 000,487,199 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:06 | 000,247,065 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:58 | 000,313,425 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/04/16 17:06:17 | 000,000,150 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/04/16 16:36:46 | 002,108,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 20:24:35 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 20:24:35 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/09 15:19:53 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\UrbanTerror.lnk
[2011/04/09 14:35:32 | 000,018,519 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\x5cg.jpg
[2011/04/09 14:29:56 | 000,012,084 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\x5blacks.jpg
[2011/04/09 14:18:32 | 000,207,076 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\exile52.png
[2011/04/09 14:12:31 | 000,256,840 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\exile5s.png
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 15:07:29 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:21:50 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:20:07 | 003,314,232 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:11:07 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/05/08 12:27:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 12:18:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 12:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 12:18:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 12:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 12:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/08 10:24:25 | 000,018,340 | -HS- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\mncleotu8bxhx2j6rih3pir8
[2011/05/08 10:24:25 | 000,018,340 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mncleotu8bxhx2j6rih3pir8
[2011/04/26 16:14:58 | 000,053,688 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/23 17:32:13 | 000,155,836 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:04 | 000,197,354 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:14 | 000,298,989 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/17 01:06:48 | 000,487,199 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:05 | 000,247,065 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:57 | 000,313,425 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/04/09 15:13:32 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ESL Wire.lnk
[2011/04/09 14:35:32 | 000,018,519 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\x5cg.jpg
[2011/04/09 14:29:55 | 000,012,084 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\x5blacks.jpg
[2011/04/09 14:18:32 | 000,207,076 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\exile52.png
[2011/04/09 14:12:31 | 000,256,840 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\exile5s.png
[2011/03/22 21:39:10 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/03/20 23:23:39 | 000,018,232 | -HS- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\r13fsel453rx
[2011/03/20 23:23:39 | 000,018,232 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\r13fsel453rx
[2011/02/26 11:19:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/01/24 15:22:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/24 15:22:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2011/01/20 13:13:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/08/27 18:58:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\MPQEditor.ini
[2010/07/17 06:50:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/09 16:29:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/08 16:34:56 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 17:33:59 | 000,000,466 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/27 23:01:31 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/03/06 14:02:57 | 001,333,620 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\NMM-MetaData.db
[2010/02/22 16:03:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009/12/25 22:20:49 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/25 21:32:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/12/25 21:13:39 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/11/15 22:54:42 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/15 22:54:26 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\ezpinst.exe
[2009/11/15 22:54:26 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.cat
[2009/11/15 22:54:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.inf
[2009/10/23 15:00:41 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\fusioncache.dat
[2009/10/14 21:21:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/08/02 22:56:02 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/07/24 03:43:03 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-3DStroke.exe
[2009/07/23 23:50:53 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/07/23 23:50:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/07/23 23:50:35 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2009/06/23 20:03:15 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2009/06/23 17:52:13 | 000,005,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpbthzbm.qqq
[2009/06/14 00:23:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\asr.INI
[2009/04/29 16:56:56 | 000,000,766 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/22 18:23:39 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/04/17 03:20:44 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\PnkBstrK.sys
[2009/04/17 03:20:24 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/04/15 23:28:02 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/13 23:14:55 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/10 01:07:07 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/10 01:06:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/04/09 21:34:00 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/09 19:48:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/09 00:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/08 19:36:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/08 19:34:04 | 002,108,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/08 16:48:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/08 16:44:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/24 14:11:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/24 14:11:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/08/24 14:11:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/24 14:11:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/08/24 14:11:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/24 14:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/24 14:11:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/08/24 14:11:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 19:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/27 16:13:51 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/07 10:17:40 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 10:17:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/07 10:17:39 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 10:17:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/07 10:17:35 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/07 10:17:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/07 10:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/07 10:17:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/07 10:17:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/07 10:16:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 04:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== LOP Check ==========

[2009/10/02 14:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Autodesk
[2010/05/28 15:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Avnex
[2009/08/10 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Blender Foundation
[2009/12/05 00:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Codemasters
[2009/04/29 16:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools
[2009/04/29 08:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools Lite
[2010/03/21 16:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools Pro
[2009/11/25 18:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DVDCreator
[2009/10/03 22:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\fltk.org
[2010/07/17 03:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\GetRightToGo
[2009/12/13 09:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\gnupg
[2009/09/04 17:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\id Software
[2009/06/04 20:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Jasc
[2011/02/15 11:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\LG Electronics
[2010/04/15 04:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\MilkShape 3D 1.x.x
[2011/05/08 22:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Mumble
[2010/10/31 00:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Nokia
[2010/03/06 13:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\PC Suite
[2009/06/09 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Publish Providers
[2010/03/09 23:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Red Kawa
[2009/05/20 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Sony
[2009/04/10 14:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Sony Setup
[2011/05/09 08:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\uTorrent
[2009/11/15 22:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Vso
[2009/10/02 14:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/10/14 04:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrazyBump
[2009/04/29 08:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/21 16:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/04/09 20:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/04/09 15:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESL Wire
[2010/04/05 13:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/05/01 03:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/14 04:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\licensecb
[2009/05/01 03:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/06 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2011/05/08 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2009/05/20 19:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/06 22:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/05/08 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/20 12:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/08 17:16:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

#10
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/08 11:16:39 | 000,018,340 | -HS- | M] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\mncleotu8bxhx2j6rih3pir8
    [2011/05/08 11:16:39 | 000,018,340 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mncleotu8bxhx2j6rih3pir8
    [2011/03/20 23:23:39 | 000,018,232 | -HS- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\r13fsel453rx
    [2011/03/20 23:23:39 | 000,018,232 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\r13fsel453rx
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#11
J1gsaw

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 5/11/2011 8:48:49 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\-Jigsaw-\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 2.38 Gb Free Space | 0.40% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JIGSAW | User Name: -Jigsaw- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ESLWireAC) -- C:\WINDOWS\system32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (lgmdmdm) -- C:\WINDOWS\system32\drivers\lgmdmdm.sys (MCCI Corporation)
DRV - (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\lgmdmgmt.sys (MCCI Corporation)
DRV - (lgmdobex) -- C:\WINDOWS\system32\drivers\lgmdobex.sys (MCCI Corporation)
DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\WINDOWS\system32\drivers\lgmdbus.sys (MCCI Corporation)
DRV - (lgmdmdfl) -- C:\WINDOWS\system32\drivers\lgmdmdfl.sys (MCCI Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/01 03:10:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 20:28:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 10:43:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/04/09 20:59:19 | 000,000,000 | ---D | M]

[2009/04/09 00:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Extensions
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions
[2009/09/02 16:06:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/11 20:33:31 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(2)
[2010/04/10 02:16:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/29 21:30:06 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\DTToolbar@toolbarnet(2).com
[2009/11/29 21:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\[email protected]
[2010/10/20 13:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\conduit.xml
[2009/04/29 08:07:33 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\daemon-search.xml
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/15 21:53:07 | 000,000,000 | ---D | M] (Burn4Free Toolbar) -- C:\PROGRAM FILES\BURN4FREE TOOLBAR\V3.3.0.3\FIREFOX
[2009/11/16 22:39:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2011/05/11 08:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\-Jigsaw-\Start Menu\Programs\Startup\GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 16:46:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 08:43:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/10 00:03:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/10 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\GTA Vice City User Files
[2011/05/09 23:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Grand Theft Auto
[2011/05/09 23:52:55 | 000,000,000 | ---D | C] -- C:\GTA
[2011/05/09 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation_files
[2011/05/08 16:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\Desktop\Logs
[2011/05/08 16:16:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 14:49:47 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:35:59 | 000,645,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/05/08 14:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safe Returner
[2011/05/08 14:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011/05/08 14:21:09 | 003,676,946 | ---- | C] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 13:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/08 12:44:43 | 000,000,000 | ---D | C] -- C:\commy
[2011/05/08 12:27:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 12:18:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 12:18:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 12:18:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 12:18:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 12:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 12:17:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\Adobe
[2011/05/01 14:21:34 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/25 00:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\TikGames
[2011/04/25 00:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hasbro
[2011/04/25 00:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hasbro
[2011/04/24 09:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\ESL Match Media
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roadkil.Net
[2011/04/16 17:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dungeon Siege 2
[2011/04/16 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/11/15 22:54:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.sys
[2009/05/14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2011/05/11 08:47:42 | 000,254,909 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/11 08:47:42 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/11 08:46:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 08:46:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 08:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/10 19:15:05 | 000,001,293 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\Vice City.lnk
[2011/05/09 22:04:45 | 000,105,790 | R--- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\U9R41889.pdf
[2011/05/09 22:00:37 | 000,080,629 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation.html
[2011/05/08 16:16:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 15:26:55 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:49:52 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:36:06 | 000,645,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:50 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:21:37 | 003,676,946 | ---- | M] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 14:20:33 | 003,314,232 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:11:08 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/05/08 11:51:24 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/05/07 23:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/07 18:09:49 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/26 16:14:58 | 000,053,688 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/24 09:56:16 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ESL Wire.lnk
[2011/04/23 17:32:14 | 000,155,836 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:05 | 000,197,354 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:15 | 000,298,989 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/18 12:10:56 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011/04/17 01:06:48 | 000,487,199 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:06 | 000,247,065 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:58 | 000,313,425 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/04/16 17:06:17 | 000,000,150 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/04/16 16:36:46 | 002,108,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 20:24:35 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 20:24:35 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/09 23:56:31 | 000,001,293 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\Vice City.lnk
[2011/05/09 22:04:47 | 000,105,790 | R--- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\U9R41889.pdf
[2011/05/09 22:00:36 | 000,080,629 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation.html
[2011/05/08 15:07:29 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:21:50 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:20:07 | 003,314,232 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:11:07 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/05/08 12:27:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 12:18:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 12:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 12:18:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 12:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 12:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/26 16:14:58 | 000,053,688 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/23 17:32:13 | 000,155,836 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:04 | 000,197,354 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:14 | 000,298,989 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/17 01:06:48 | 000,487,199 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:05 | 000,247,065 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:57 | 000,313,425 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/03/22 21:39:10 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/02/26 11:19:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/01/24 15:22:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/24 15:22:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2011/01/20 13:13:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/08/27 18:58:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\MPQEditor.ini
[2010/07/17 06:50:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/09 16:29:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/08 16:34:56 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 17:33:59 | 000,000,466 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/27 23:01:31 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/03/06 14:02:57 | 001,333,620 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\NMM-MetaData.db
[2010/02/22 16:03:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009/12/25 22:20:49 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/25 21:32:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/12/25 21:13:39 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/11/15 22:54:42 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/15 22:54:26 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\ezpinst.exe
[2009/11/15 22:54:26 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.cat
[2009/11/15 22:54:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.inf
[2009/10/23 15:00:41 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\fusioncache.dat
[2009/10/14 21:21:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/08/02 22:56:02 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/07/24 03:43:03 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-3DStroke.exe
[2009/07/23 23:50:53 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/07/23 23:50:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/07/23 23:50:35 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2009/06/23 20:03:15 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2009/06/23 17:52:13 | 000,005,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpbthzbm.qqq
[2009/06/14 00:23:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\asr.INI
[2009/04/29 16:56:56 | 000,000,766 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/22 18:23:39 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/04/17 03:20:44 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\PnkBstrK.sys
[2009/04/17 03:20:24 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/04/15 23:28:02 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/13 23:14:55 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/10 01:07:07 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/10 01:06:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/04/09 21:34:00 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/09 19:48:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/09 00:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/08 19:36:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/08 19:34:04 | 002,108,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/08 16:48:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/08 16:44:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/24 14:11:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/24 14:11:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/08/24 14:11:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/24 14:11:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/08/24 14:11:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/24 14:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/24 14:11:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/08/24 14:11:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 19:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/27 16:13:51 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/07 10:17:40 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 10:17:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/07 10:17:39 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 10:17:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/07 10:17:35 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/07 10:17:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/07 10:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/07 10:17:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/07 10:17:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/07 10:16:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 04:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

#12
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/08/02 22:56:02 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2009/06/23 17:52:13 | 000,005,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpbthzbm.qqq
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#13
J1gsaw

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 5/11/2011 10:25:19 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\-Jigsaw-\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 8.89 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JIGSAW | User Name: -Jigsaw- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ESLWireAC) -- C:\WINDOWS\system32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (lgmdmdm) -- C:\WINDOWS\system32\drivers\lgmdmdm.sys (MCCI Corporation)
DRV - (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\lgmdmgmt.sys (MCCI Corporation)
DRV - (lgmdobex) -- C:\WINDOWS\system32\drivers\lgmdobex.sys (MCCI Corporation)
DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\WINDOWS\system32\drivers\lgmdbus.sys (MCCI Corporation)
DRV - (lgmdmdfl) -- C:\WINDOWS\system32\drivers\lgmdmdfl.sys (MCCI Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/01 03:10:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 20:28:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 10:43:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/04/09 20:59:19 | 000,000,000 | ---D | M]

[2009/04/09 00:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Extensions
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions
[2009/09/02 16:06:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/11 20:33:31 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(2)
[2010/04/10 02:16:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/29 21:30:06 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\DTToolbar@toolbarnet(2).com
[2009/11/29 21:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\[email protected]
[2010/10/20 13:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\conduit.xml
[2009/04/29 08:07:33 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\daemon-search.xml
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/15 21:53:07 | 000,000,000 | ---D | M] (Burn4Free Toolbar) -- C:\PROGRAM FILES\BURN4FREE TOOLBAR\V3.3.0.3\FIREFOX
[2009/11/16 22:39:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2011/05/11 08:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\-Jigsaw-\Start Menu\Programs\Startup\GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 16:46:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 22:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/11 08:43:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/10 00:03:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/10 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\GTA Vice City User Files
[2011/05/09 23:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Grand Theft Auto
[2011/05/09 23:52:55 | 000,000,000 | ---D | C] -- C:\GTA
[2011/05/09 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation_files
[2011/05/08 16:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\Desktop\Logs
[2011/05/08 16:16:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 14:49:47 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:35:59 | 000,645,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/05/08 14:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safe Returner
[2011/05/08 14:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011/05/08 14:21:09 | 003,676,946 | ---- | C] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 13:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/08 12:44:43 | 000,000,000 | ---D | C] -- C:\commy
[2011/05/08 12:27:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 12:18:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 12:18:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 12:18:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 12:18:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 12:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 12:17:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\Adobe
[2011/05/01 14:21:34 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/25 00:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\TikGames
[2011/04/25 00:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hasbro
[2011/04/25 00:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hasbro
[2011/04/24 09:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\ESL Match Media
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roadkil.Net
[2011/04/16 17:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dungeon Siege 2
[2011/04/16 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/11/15 22:54:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.sys
[2009/05/14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2011/05/11 22:24:56 | 000,255,241 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/11 22:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/11 22:22:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 21:53:15 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 08:46:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 08:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/10 19:15:05 | 000,001,293 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\Vice City.lnk
[2011/05/09 22:04:45 | 000,105,790 | R--- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\U9R41889.pdf
[2011/05/09 22:00:37 | 000,080,629 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation.html
[2011/05/08 16:16:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 15:26:55 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:49:52 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:36:06 | 000,645,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:50 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:21:37 | 003,676,946 | ---- | M] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 14:20:33 | 003,314,232 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:11:08 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/05/08 11:51:24 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/05/07 23:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/26 16:14:58 | 000,053,688 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/24 09:56:16 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ESL Wire.lnk
[2011/04/23 17:32:14 | 000,155,836 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:05 | 000,197,354 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:15 | 000,298,989 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/18 12:10:56 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011/04/17 01:06:48 | 000,487,199 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:06 | 000,247,065 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:58 | 000,313,425 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/04/16 17:06:17 | 000,000,150 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/04/16 16:36:46 | 002,108,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 20:24:35 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 20:24:35 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/09 23:56:31 | 000,001,293 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\Vice City.lnk
[2011/05/09 22:04:47 | 000,105,790 | R--- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\U9R41889.pdf
[2011/05/09 22:00:36 | 000,080,629 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation.html
[2011/05/08 15:07:29 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:21:50 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:20:07 | 003,314,232 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:11:07 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/05/08 12:27:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 12:18:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 12:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 12:18:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 12:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 12:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/26 16:14:58 | 000,053,688 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/23 17:32:13 | 000,155,836 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:04 | 000,197,354 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:14 | 000,298,989 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/17 01:06:48 | 000,487,199 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:05 | 000,247,065 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:57 | 000,313,425 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/03/22 21:39:10 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/02/26 11:19:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/01/24 15:22:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/24 15:22:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2011/01/20 13:13:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/08/27 18:58:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\MPQEditor.ini
[2010/07/17 06:50:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/09 16:29:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/08 16:34:56 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 17:33:59 | 000,000,466 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/27 23:01:31 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/03/06 14:02:57 | 001,333,620 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\NMM-MetaData.db
[2010/02/22 16:03:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009/12/25 22:20:49 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/25 21:32:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/12/25 21:13:39 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/11/15 22:54:42 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/15 22:54:26 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\ezpinst.exe
[2009/11/15 22:54:26 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.cat
[2009/11/15 22:54:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.inf
[2009/10/23 15:00:41 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\fusioncache.dat
[2009/10/14 21:21:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/24 03:43:03 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-3DStroke.exe
[2009/07/23 23:50:53 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/07/23 23:50:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/07/23 23:50:35 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2009/06/23 20:03:15 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2009/06/14 00:23:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\asr.INI
[2009/04/29 16:56:56 | 000,000,766 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/22 18:23:39 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/04/17 03:20:44 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\PnkBstrK.sys
[2009/04/17 03:20:24 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/04/15 23:28:02 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/13 23:14:55 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/10 01:07:07 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/10 01:06:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/04/09 21:34:00 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/09 19:48:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/09 00:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/08 19:36:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/08 19:34:04 | 002,108,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/08 16:48:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/08 16:44:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/24 14:11:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/24 14:11:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/08/24 14:11:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/24 14:11:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/08/24 14:11:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/24 14:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/24 14:11:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/08/24 14:11:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 19:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/27 16:13:51 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/07 10:17:40 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 10:17:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/07 10:17:39 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 10:17:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/07 10:17:35 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/07 10:17:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/07 10:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/07 10:17:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/07 10:17:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/07 10:16:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 04:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== LOP Check ==========

[2009/10/02 14:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Autodesk
[2010/05/28 15:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Avnex
[2009/08/10 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Blender Foundation
[2009/12/05 00:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Codemasters
[2009/04/29 16:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools
[2009/04/29 08:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools Lite
[2010/03/21 16:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools Pro
[2009/11/25 18:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DVDCreator
[2009/10/03 22:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\fltk.org
[2010/07/17 03:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\GetRightToGo
[2009/12/13 09:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\gnupg
[2009/09/04 17:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\id Software
[2009/06/04 20:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Jasc
[2011/02/15 11:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\LG Electronics
[2010/04/15 04:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\MilkShape 3D 1.x.x
[2011/05/08 22:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Mumble
[2010/10/31 00:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Nokia
[2010/03/06 13:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\PC Suite
[2009/06/09 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Publish Providers
[2010/03/09 23:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Red Kawa
[2009/05/20 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Sony
[2009/04/10 14:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Sony Setup
[2011/05/11 22:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\uTorrent
[2009/11/15 22:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Vso
[2009/10/02 14:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/10/14 04:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrazyBump
[2009/04/29 08:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/21 16:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/04/09 20:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/04/09 15:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESL Wire
[2010/04/05 13:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/05/01 03:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/14 04:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\licensecb
[2009/05/01 03:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/06 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2011/05/08 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2009/05/20 19:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/06 22:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/05/11 22:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/20 12:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/11 22:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

#14
J1gsaw

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 5/11/2011 10:25:19 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\-Jigsaw-\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 8.89 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JIGSAW | User Name: -Jigsaw- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ESLWireAC) -- C:\WINDOWS\system32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (lgmdmdm) -- C:\WINDOWS\system32\drivers\lgmdmdm.sys (MCCI Corporation)
DRV - (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\lgmdmgmt.sys (MCCI Corporation)
DRV - (lgmdobex) -- C:\WINDOWS\system32\drivers\lgmdobex.sys (MCCI Corporation)
DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\WINDOWS\system32\drivers\lgmdbus.sys (MCCI Corporation)
DRV - (lgmdmdfl) -- C:\WINDOWS\system32\drivers\lgmdmdfl.sys (MCCI Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/01 03:10:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 20:28:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 10:43:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/04/09 20:59:19 | 000,000,000 | ---D | M]

[2009/04/09 00:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Extensions
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions
[2009/09/02 16:06:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/11 20:33:31 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/11/29 21:30:02 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(2)
[2010/04/10 02:16:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/29 21:30:06 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\DTToolbar@toolbarnet(2).com
[2009/11/29 21:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\extensions\[email protected]
[2010/10/20 13:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\conduit.xml
[2009/04/29 08:07:33 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Application Data\Mozilla\Firefox\Profiles\24mt2the.default\searchplugins\daemon-search.xml
[2011/04/29 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/15 21:53:07 | 000,000,000 | ---D | M] (Burn4Free Toolbar) -- C:\PROGRAM FILES\BURN4FREE TOOLBAR\V3.3.0.3\FIREFOX
[2009/11/16 22:39:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2011/05/11 08:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\-Jigsaw-\Start Menu\Programs\Startup\GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 16:46:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 22:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/11 08:43:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/10 00:03:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/10 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\GTA Vice City User Files
[2011/05/09 23:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Grand Theft Auto
[2011/05/09 23:52:55 | 000,000,000 | ---D | C] -- C:\GTA
[2011/05/09 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation_files
[2011/05/08 16:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\Desktop\Logs
[2011/05/08 16:16:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 14:49:47 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:35:59 | 000,645,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/05/08 14:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safe Returner
[2011/05/08 14:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011/05/08 14:21:09 | 003,676,946 | ---- | C] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 13:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/08 12:44:43 | 000,000,000 | ---D | C] -- C:\commy
[2011/05/08 12:27:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 12:18:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 12:18:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 12:18:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 12:18:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 12:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 12:17:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\Adobe
[2011/05/01 14:21:34 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/25 00:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\TikGames
[2011/04/25 00:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hasbro
[2011/04/25 00:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hasbro
[2011/04/24 09:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-Jigsaw-\My Documents\ESL Match Media
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2011/04/16 20:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roadkil.Net
[2011/04/16 17:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dungeon Siege 2
[2011/04/16 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/11/15 22:54:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.sys
[2009/05/14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2011/05/11 22:24:56 | 000,255,241 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/11 22:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/11 22:22:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 21:53:15 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 08:46:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 08:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/10 19:15:05 | 000,001,293 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\Vice City.lnk
[2011/05/09 22:04:45 | 000,105,790 | R--- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\U9R41889.pdf
[2011/05/09 22:00:37 | 000,080,629 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation.html
[2011/05/08 16:16:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTL.exe
[2011/05/08 15:26:55 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:49:52 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\-Jigsaw-\Desktop\RootRepeal.exe
[2011/05/08 14:36:06 | 000,645,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-Jigsaw-\Desktop\OTS.exe
[2011/05/08 14:21:50 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:21:37 | 003,676,946 | ---- | M] (SafeReturner Anti-Malware Studio ) -- C:\Documents and Settings\-Jigsaw-\Desktop\safereturner.exe
[2011/05/08 14:20:33 | 003,314,232 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:11:08 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/05/08 11:51:24 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/05/07 23:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\-Jigsaw-\Desktop\TDSSKiller.exe
[2011/04/26 16:14:58 | 000,053,688 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/24 09:56:16 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ESL Wire.lnk
[2011/04/23 17:32:14 | 000,155,836 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:05 | 000,197,354 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:15 | 000,298,989 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/18 12:10:56 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011/04/17 01:06:48 | 000,487,199 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:06 | 000,247,065 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:58 | 000,313,425 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | M] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/04/16 17:06:17 | 000,000,150 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/04/16 16:36:46 | 002,108,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 20:24:35 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 20:24:35 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/09 23:56:31 | 000,001,293 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\Vice City.lnk
[2011/05/09 22:04:47 | 000,105,790 | R--- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\U9R41889.pdf
[2011/05/09 22:00:36 | 000,080,629 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\confirmation.html
[2011/05/08 15:07:29 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\settings.dat
[2011/05/08 14:21:50 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safe Returner.lnk
[2011/05/08 14:21:50 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kill Rogue Process.lnk
[2011/05/08 14:20:07 | 003,314,232 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\regacesetup.exe
[2011/05/08 13:11:07 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\commy.exe
[2011/05/08 12:27:21 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/05/08 12:27:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 12:18:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 12:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 12:18:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 12:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 12:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/26 16:14:58 | 000,053,688 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\demotivation.us_Hold-F11-If-you-laugh-you-are-a-really-bad-person_130017821718.jpg
[2011/04/25 00:00:20 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2011/04/23 17:32:13 | 000,155,836 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\cat2.jpg
[2011/04/23 17:11:42 | 000,068,074 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\nyan_cat_timelapse_by_kingaby-d3dygfa.jpg
[2011/04/22 00:43:42 | 000,498,212 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Myth_Dragon_Wars.jpg
[2011/04/22 00:43:34 | 000,317,528 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Elektric_HD_desktop_theme.jpg
[2011/04/22 00:42:04 | 000,197,354 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\Fantasy-Dragon-14858-926778.jpeg
[2011/04/22 00:39:33 | 000,566,596 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\games-wallpapers-1920x1080.jpg
[2011/04/22 00:39:14 | 000,298,989 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\hellgate-london-hd-wallpapers.jpg
[2011/04/17 01:06:48 | 000,487,199 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302962153950.jpg
[2011/04/17 01:06:37 | 000,562,830 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964207168.jpg
[2011/04/17 01:06:33 | 001,459,661 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964079744.jpg
[2011/04/17 01:04:30 | 000,473,677 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963759950.jpg
[2011/04/17 01:04:26 | 000,334,263 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964150158.jpg
[2011/04/17 01:04:19 | 000,150,704 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963425149.jpg
[2011/04/17 01:04:11 | 000,090,057 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963975287.jpg
[2011/04/17 01:04:05 | 000,247,065 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302964233096.jpg
[2011/04/17 01:03:06 | 000,229,310 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958301309.jpg
[2011/04/17 01:02:42 | 000,730,453 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958479901.jpg
[2011/04/17 01:02:33 | 001,976,541 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302959587377.png
[2011/04/17 01:01:54 | 000,824,091 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958269992.jpg
[2011/04/17 00:59:57 | 000,313,425 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302958418807.jpg
[2011/04/17 00:58:43 | 000,242,705 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302965889483.jpg
[2011/04/17 00:58:16 | 000,765,869 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302963378886.jpg
[2011/04/17 00:52:48 | 000,028,385 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\My Documents\1302954701624.jpg
[2011/04/16 20:42:44 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2011/04/16 20:27:17 | 000,001,974 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Desktop\JFileRecovery.lnk
[2011/04/16 17:57:33 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2011/03/22 21:39:10 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/02/26 11:19:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/01/24 15:22:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/24 15:22:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2011/01/20 13:13:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/08/27 18:58:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\MPQEditor.ini
[2010/07/17 06:50:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/09 16:29:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/08 16:34:56 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 17:33:59 | 000,000,466 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/27 23:01:31 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/03/06 14:02:57 | 001,333,620 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\NMM-MetaData.db
[2010/02/22 16:03:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009/12/25 22:20:49 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/25 21:32:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/12/25 21:13:39 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/11/15 22:54:42 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/15 22:54:26 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\ezpinst.exe
[2009/11/15 22:54:26 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.cat
[2009/11/15 22:54:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\pcouffin.inf
[2009/10/23 15:00:41 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Local Settings\Application Data\fusioncache.dat
[2009/10/14 21:21:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/24 03:43:03 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-3DStroke.exe
[2009/07/23 23:50:53 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/07/23 23:50:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/07/23 23:50:35 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2009/06/23 20:03:15 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2009/06/14 00:23:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\asr.INI
[2009/04/29 16:56:56 | 000,000,766 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/22 18:23:39 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/04/17 03:20:44 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\-Jigsaw-\Application Data\PnkBstrK.sys
[2009/04/17 03:20:24 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/04/15 23:28:02 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/13 23:14:55 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/10 01:07:07 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/10 01:06:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/04/09 21:34:00 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/09 19:48:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/09 00:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/08 19:36:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/08 19:34:04 | 002,108,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/08 16:48:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/08 16:44:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/24 14:11:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/24 14:11:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/08/24 14:11:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/24 14:11:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/08/24 14:11:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/24 14:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/24 14:11:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/08/24 14:11:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 19:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/27 16:13:51 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/07 10:17:40 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 10:17:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/07 10:17:39 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 10:17:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/07 10:17:35 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/07 10:17:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/07 10:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/07 10:17:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/07 10:17:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/07 10:16:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 04:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== LOP Check ==========

[2009/10/02 14:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Autodesk
[2010/05/28 15:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Avnex
[2009/08/10 11:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Blender Foundation
[2009/12/05 00:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Codemasters
[2009/04/29 16:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools
[2009/04/29 08:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools Lite
[2010/03/21 16:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DAEMON Tools Pro
[2009/11/25 18:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\DVDCreator
[2009/10/03 22:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\fltk.org
[2010/07/17 03:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\GetRightToGo
[2009/12/13 09:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\gnupg
[2009/09/04 17:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\id Software
[2009/06/04 20:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Jasc
[2011/02/15 11:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\LG Electronics
[2010/04/15 04:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\MilkShape 3D 1.x.x
[2011/05/08 22:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Mumble
[2010/10/31 00:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Nokia
[2010/03/06 13:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\PC Suite
[2009/06/09 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Publish Providers
[2010/03/09 23:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Red Kawa
[2009/05/20 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Sony
[2009/04/10 14:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Sony Setup
[2011/05/11 22:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\uTorrent
[2009/11/15 22:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-Jigsaw-\Application Data\Vso
[2009/10/02 14:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/10/14 04:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrazyBump
[2009/04/29 08:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/21 16:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/04/09 20:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/04/09 15:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESL Wire
[2010/04/05 13:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/05/01 03:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/14 04:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\licensecb
[2009/05/01 03:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/06 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2011/05/08 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2009/05/20 19:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/06 22:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/05/11 22:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/20 12:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/11 22:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#15
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations, your logs appear clean :unsure:

Reset and Re-enable your System Restore

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
    [createrestorepoint]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you :)
  • 0





