
Help against hacker in my system

Discussion in 'Malware Removal Help' started by roy1972, Apr 16, 2013.

  1. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Hello,

    For several months I have been receiving port scans which my Sygate firewall always informs me of. The remote IP address was initially "58.218.199.250" and its associated MAC is always "00-14-F1-E9-EA-DA", and it's somewhere in China. I get random port scans from other IP addresses and assumed they were different computers; however, I recently saw they all had the exact same MAC address as the above guy from China.

    That is not the only problem.

    On a regular basis my computer applications - even security ones like AVG and SuperAntiSpyware - are stopped from accessing the internet by my Sygate firewall, which informs me the programs have changed recently. Because I have always assumed it's simply AVG updating itself, I usually allow the file change, but then immediately Sygate informs me of an application hijacking attempt, and this is then followed by MAC spoofing. But MOST worrying of all is that the remote address involved with these hijackings and MAC spoofings (and port scans) is the exact same MAC address (given above), and usually its associated IP (also above), although sometimes the IP changes but the MAC doesn't.

    My communications online and through my security software - according to logs - are being intercepted through above IP and MAC address. Please continue to read.

    Sometimes (more recently) the suspect remote IP has changed and become almost identical to my own IP except the end digit is wrong, and obviously the MAC address (the same suspect one above) is completely different from my own. It's almost as though it's trying to trick my Sygate into thinking it's my computer, but Sygate is (hopefully) detecting it all of the time.

    I believe my communications are being intercepted by this remote IP user, who may be monitoring everything I do online. I have set up in my Sygate some advanced rules specifically to stop the above MAC address and several other IPs it uses. Despite this, Sygate still reports these attempts. The attacking MAC address is also in contact with my Windows system32 file NDISUIO.SYS - which I have Sygate block from accessing the internet, if that helps at all.

    I recently saw a traffic log which was very disturbing. I logged into my Google account and after doing so my traffic log showed under "REMOTE HOST" this - "accounts.google.com[173.194.67.84]" - and the remote MAC was the SAME culprit who has been port scanning me that I have already given above. This is very disturbing to me and I can post these recent logs if required. Let me just repeat that my IP and MAC address are NOT the attacking one mentioned above. My MAC address is completely different.

    My Sygate traffic log occasionally shows this statement in the column for "rule name" :-
    "GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_100".

    This is often the action carried out by the attacking remote IP and MAC mentioned above. It looks to my untrained eye as though he is able to allow himself past my Sygate firewall, because I have NO rules allowing this and in fact all the rules I created (about 8) are specifically to block the IP and MAC address.

    On top of all this I often hear the hard disk being accessed even though no scheduling of any kind should be taking place. I know how paranoid this may all sound but I am heavily suspicious something is happening.

    I am somewhat computer literate and my internet skills could definitely be better, but it appears to me as though every time an application is wanting access - or has recently been changed - the IP and MAC address always involved is the one I constantly get port scans from.

    I have saved a small section of packet logs, traffic logs, and security logs into an Excel spreadsheet that I could upload if you guys want more info, but I would think it best I remove my own IP and MAC address etc. before posting it to a public forum.

    Could someone please help with these problems and let me know asap if you need to view the logs I mentioned and I will post them.

    Many thanks,

    Roy.
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    I have a few questions and a suggestion:
    Are you connected to the internet via a wireless router? If you are on a wireless network, is it secured and, assuming that it is, have you reset the security settings and your access password?

    I strongly urge you to follow the preparation for malware removal process suggested HERE, but will do so if and when this is taken over by our Malware Removal Specialists.
     
  3. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    No, I am not connected via wireless; I have always used a direct connection and never turned on the wireless option on that router. There is not even any wireless capability on my computer now.

    A few months ago my router gave up and I had to disconnect it. I now use only a modem with a direct wire connection to the ethernet card in my PC. My worry is the fact that the MAC address which is port scanning me is also the exact remote MAC address showing up in traffic logs whenever I log into googlemail. Obviously googlemail doesn't do port scans, so with my limited knowledge of computers I am worried my information is being intercepted before being connected to the net.
    I will check out the malware removal process too but was hoping for more info first before I go down that route, because all my security scans of my entire hard drive are not showing any malware.

    Thanks.
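The question raised in the opening post and repeated in this reply (one MAC address attached to the port scanner, to accounts.google.com and to every other remote host) is something a log-triage script can test directly. The example below is an added illustration, not code from the thread or from Sygate: it parses a constructed, simplified traffic log, groups remote IPs by the MAC logged against them, and separates hosts inside an assumed local prefix from hosts beyond it. The point it demonstrates is basic Ethernet behaviour: a frame to any destination outside the local link carries the MAC of the next-hop router (here, whatever the modem hands traffic to), so every off-link remote IP in a host firewall log shares that one MAC, whoever owns the IP. The log layout, the local address 192.0.2.200/24, the RFC 5737 addresses and the second MAC are all constructed placeholders; only 58.218.199.250, 173.194.67.84 and 00-14-F1-E9-EA-DA come from the thread.

```python
"""Group a host-firewall log's remote IPs by remote MAC and check whether the
one MAC shared by all off-link traffic is simply the next-hop gateway.
Added example; the log format and addresses below are constructed."""
from collections import defaultdict
import ipaddress
import re

# Constructed sample rows (not real Sygate output) in a simplified
# "date time action remote_ip remote_mac note" layout. The first IP, the
# Google IP and the first MAC are the values quoted in the thread; the rest
# are RFC 5737 documentation addresses and a made-up MAC.
SAMPLE_LOG = """\
2013-04-16 21:02:11 Blocked 58.218.199.250 00-14-F1-E9-EA-DA port_scan
2013-04-16 21:05:40 Blocked 198.51.100.17  00-14-F1-E9-EA-DA port_scan
2013-04-16 21:10:02 Allowed 173.194.67.84  00-14-F1-E9-EA-DA accounts.google.com
2013-04-16 21:12:55 Allowed 203.0.113.9    00-14-F1-E9-EA-DA web_browsing
2013-04-16 21:15:03 Blocked 192.0.2.201    02-AA-BB-CC-DD-01 neighbour_on_link
"""

# Assumed address and prefix of the logging machine (placeholder; the thread
# does not give the real prefix the ISP assigned).
LOCAL_ADDRESS = ipaddress.ip_interface("192.0.2.200/24")

LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<action>\S+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s*(?P<note>.*)$"
)


def parse_log(text):
    """Parse the simplified log into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ip"] = ipaddress.ip_address(d["ip"])
        d["mac"] = d["mac"].upper()
        entries.append(d)
    return entries


def is_on_link(ip, local=LOCAL_ADDRESS):
    """True if `ip` lies inside the local prefix, i.e. is reachable without a router."""
    return ip in local.network


def ips_by_mac(entries):
    """Map each remote MAC to the sorted list of remote IPs logged against it."""
    groups = defaultdict(set)
    for e in entries:
        groups[e["mac"]].add(str(e["ip"]))
    return {mac: sorted(ips) for mac, ips in groups.items()}


def assess(text, local=LOCAL_ADDRESS):
    """Summarise the log: which MAC every off-link destination shares, and which
    remote IPs are on-link (their frames would carry their own NIC's MAC)."""
    entries = parse_log(text)
    off_link = [e for e in entries if not is_on_link(e["ip"], local)]
    on_link = [e for e in entries if is_on_link(e["ip"], local)]
    off_link_macs = {e["mac"] for e in off_link}
    # Exactly one MAC across all off-link destinations is what the next-hop
    # router looks like from the host; it says nothing about who owns the IPs.
    gateway_candidate = next(iter(off_link_macs)) if len(off_link_macs) == 1 else None
    return {
        "groups": ips_by_mac(entries),
        "off_link_ips": sorted({str(e["ip"]) for e in off_link}),
        "on_link_ips": sorted({str(e["ip"]) for e in on_link}),
        "likely_gateway_mac": gateway_candidate,
    }


if __name__ == "__main__":
    result = assess(SAMPLE_LOG)
    for mac, ips in result["groups"].items():
        print(f"{mac}: {', '.join(ips)}")
    print("off-link remote IPs:", result["off_link_ips"])
    print("on-link remote IPs: ", result["on_link_ips"])
    print("MAC shared by all off-link traffic (likely gateway):", result["likely_gateway_mac"])
```

Run against the sample, the scanner, Google and the browsing destination all resolve to the single MAC 00-14-F1-E9-EA-DA while the one on-link host carries a different MAC, which is the pattern expected when that shared MAC is the upstream router rather than a single remote machine. Whether a near-identical "remote IP" is actually on-link depends on the prefix the ISP assigned, so the /24 here is only a placeholder to show the check.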
     
  4. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    I am in the process of downloading and doing the suggested malware scans. I will repost the results as soon as they are complete.

    Thanks.
     
  5. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Image1.jpg Image2.jpg I am still doing scans etc. MalwareBytes came back with nothing whatsoever. I am continuing with others you recommended and will post results soon.

    For now, can you view the two attachment images above to get a clear idea of what I mean? Both are portions of my security log and traffic log in Sygate. Note the MAC address that port scans me is the same one that is showing when the IP has me connected to my gmail account. Does this not mean I am connecting to the hacker's computer before being forwarded on to my gmail?


    Thanks.
     
  6. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    I have completed the scans. They are attached.

    Thanks in advance.
     


  7. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Hi Roy. Please copy and paste the logs contents into your reply post rather than links.
    One of our Malware specialists should be along shortly to advise you further.
    Thanks for being patient.
     
  8. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    I will post each file separately.
    MALWARE BYTES LOG :-

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.16.09

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Administrator :: EXPERIENCE [administrator]

    16/04/2013 22:38:35
    mbam-log-2013-04-16 (22-38-35).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 345213
    Time elapsed: 1 hour(s), 45 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    OTL LOG :-

    OTL logfile created on: 17/04/2013 16:46:03 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.02% Memory free
    3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.71% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 49.83 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

    Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
    PRC - C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
    MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\bb044cd004af2e4fb1375e507a27db56\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\666b46e6cb9abe4dbe6c6dfcc8568cf3\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\1a030f7a6283454da01a2b1af8e577ff\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\68797bd1efbfae44bff716cb63911472\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\36d9e0cf6c5af34f987c77820faa0084\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5d3d529b23845f47993cc1fd34f294fa\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\42c974e2ff259548b7a092975e4f9334\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\system32\Primomonnt.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\Sygate\SPF\SyLink.dll ()
    MOD - C:\Program Files\Sygate\SPF\tse.dll ()
    MOD - C:\Program Files\Sygate\SPF\SpNet.dll ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (vToolbarUpdater14.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (portio32) -- system32\drivers\portio32.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys ()
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
    DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (Pcatip) -- C:\WINDOWS\system32\drivers\Pcatip.sys (VSO Software)
    DRV - (CV2K1) -- C:\WINDOWS\system32\drivers\cv2k1.sys (TamoSoft, Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (se27unic) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
    DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
    DRV - (se27nd5) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
    DRV - (SE27mgmt) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
    DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
    DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
    DRV - (SE27bus) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
    DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (ts_lb) -- C:\WINDOWS\system32\drivers\ts_lb.sys (TamoSoft, Inc.)
    DRV - (wg6n) -- C:\WINDOWS\system32\drivers\wg6n.sys (Sygate Technologies, Inc.)
    DRV - (wg5n) -- C:\WINDOWS\system32\drivers\wg5n.sys (Sygate Technologies, Inc.)
    DRV - (wg4n) -- C:\WINDOWS\system32\drivers\wg4n.sys (Sygate Technologies, Inc.)
    DRV - (wg3n) -- C:\WINDOWS\system32\drivers\wg3n.sys (Sygate Technologies, Inc.)
    DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
    DRV - (Teefer) -- C:\WINDOWS\system32\drivers\Teefer.sys (Sygate Technologies, Inc.)
    DRV - (viaagp1) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
    IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...c2decf7d34c&lang=us&ds=AVG&pr=fr&d=2011-12-12 16:59:19&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43"
    FF - prefs.js..extensions.enabledAddons: %7B3DB5ABE1-407D-458F-AD5D-8D89BD625CCC%7D:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
    FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.100008
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
    FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {f4fd6a58-532e-b9e7-a3fd-8c4b3e7bedd3}:4.6.6.8
    FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.1
    FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
    FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.72.10
    FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
    FF - prefs.js..keyword.URL: "http://www.searchamong.com/searchvi...38ba09d0a9caf2367b43&cat=webs&bar=true&query="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/15 22:14:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox [2011/07/09 00:23:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/03/23 20:13:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/16 03:08:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 01:23:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 01:23:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/17 14:47:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/21 00:27:54 | 000,000,000 | ---D | M]

    [2009/07/23 03:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/07/30 19:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\daftbackup delete if all well\Profiles\n9tszq57.default\extensions
    [2013/04/10 22:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions
    [2011/05/11 01:17:58 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
    [2013/04/10 22:53:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/03/16 06:23:29 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
    [2013/02/25 15:11:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/12/27 02:13:17 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2011/04/26 23:00:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\illimitux@illimitux.net
    [2011/11/10 23:19:49 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\toolbar@ask.com
    [2013/03/10 21:38:57 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\artur.dubovoy@gmail.com.xpi
    [2013/02/23 20:32:13 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\firebug@software.joehewitt.com.xpi
    [2013/02/15 20:39:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2009/10/06 21:55:31 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchalot.xml
    [2009/10/06 21:56:45 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchgeek.xml
    [2009/10/06 21:56:25 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\snappy-words.xml
    [2012/10/16 03:20:23 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\Web Search.xml
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{f4fd6a58-532e-b9e7-a3fd-8c4b3e7bedd3}
    [2013/04/12 01:23:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/03/23 20:13:40 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/12/27 02:13:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 20:53:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_1\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_1\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_2\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_2\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_4\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_4\
    CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.4_0\
    CHR - Extension: Ghostery = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
    CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2010/09/21 17:52:14 | 000,785,565 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1localhost
    O1 - Hosts: 26658 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [AVGTRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk = C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C6BF1D7-281C-461D-A3F1-48F07ED56B84}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/23 02:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell\AutoRun\command - "" = G:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/16 22:26:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2013/04/16 19:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ERUNT
    [2013/04/16 19:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/04/16 19:22:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2013/04/16 19:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/16 01:23:53 | 004,109,664 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Administrator\Desktop\TESTER.exe
    [2013/04/14 23:25:30 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2013/04/14 07:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2013/04/12 19:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
    [2013/04/12 01:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/04/08 02:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    [2013/03/23 20:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
    [2013/03/23 20:13:34 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013/03/21 17:28:03 | 000,098,304 | ---- | C] (Oki Data Corporation) -- C:\WINDOWS\System32\OPSTMB00.EXE
    [2012/10/16 03:20:00 | 000,442,048 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Administrator\Application Data\vioer.exe
    [2012/10/16 03:19:38 | 006,312,677 | ---- | C] (VIO ) -- C:\Documents and Settings\Administrator\Application Data\vio_clean.exe
    [2012/10/16 03:19:36 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Documents and Settings\Administrator\Application Data\satoolbar.exe
    [2009/07/23 03:42:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/17 16:47:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500UA.job
    [2013/04/17 16:30:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/04/17 16:21:12 | 000,048,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Image1.jpg
    [2013/04/17 16:21:01 | 000,049,759 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Image2.jpg
    [2013/04/17 16:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/04/17 15:59:19 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/17 15:59:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_Administrator.job
    [2013/04/17 15:49:46 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2013/04/17 05:16:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2013/04/17 03:47:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500Core.job
    [2013/04/16 22:27:39 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/16 22:27:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/04/16 21:48:45 | 117,644,318 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2013/04/16 19:32:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/04/16 19:28:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/16 19:25:22 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/16 19:24:07 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2013/04/16 19:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/15 17:22:38 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ndisuio.sys.lnk
    [2013/04/15 17:04:00 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/15 16:52:58 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DOLLARD NEW.lnk
    [2013/04/15 16:36:15 | 000,009,818 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PORT SCANS RECENTLY.rtf
    [2013/04/15 12:12:54 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ebony likes it slow Redtube Free Ebony Porn Videos, Blowjob Movies & Cumshot Clips.URL
    [2013/04/15 11:57:41 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Artorious Rex Discovered By Alan Wilson Pt 1 of 10 Parts.URL
    [2013/04/14 23:25:32 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2013/04/13 00:23:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/04/12 23:53:56 | 000,186,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/08 02:14:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/03/31 20:09:51 | 000,392,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/31 20:09:51 | 000,058,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/23 20:12:59 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013/03/21 17:28:03 | 000,098,304 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\System32\OPSTMB00.EXE
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/17 16:21:12 | 000,048,833 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Image1.jpg
    [2013/04/17 16:21:01 | 000,049,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Image2.jpg
    [2013/04/16 19:28:26 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/16 19:25:22 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/15 17:22:38 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ndisuio.sys.lnk
    [2013/04/15 17:03:58 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/15 16:52:57 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DOLLARD NEW.lnk
    [2013/04/15 12:12:54 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ebony likes it slow Redtube Free Ebony Porn Videos, Blowjob Movies & Cumshot Clips.URL
    [2013/04/15 11:57:41 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Artorious Rex Discovered By Alan Wilson Pt 1 of 10 Parts.URL
    [2013/04/08 02:14:02 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/03/21 01:38:57 | 000,009,818 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PORT SCANS RECENTLY.rtf
    [2012/08/10 18:28:54 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
    [2011/10/29 01:43:44 | 000,179,712 | ---- | C] () -- C:\WINDOWS\System32\DPUNINST.DLL
    [2011/06/06 07:03:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/06/06 07:03:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/21 09:29:13 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2011/01/05 00:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\AstroViewer 3.1.3-Path
    [2009/09/30 16:11:14 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
    [2009/07/25 18:31:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\.gtk-bookmarks
    [2009/07/25 18:29:06 | 000,205,905 | ---- | C] () -- C:\Documents and Settings\Administrator\.fonts.cache-1
    [2009/07/23 04:02:43 | 000,186,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/23 03:43:04 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
    [2009/07/23 03:42:37 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
    [2009/07/23 03:42:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
    [2009/07/23 03:42:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf

    ========== ZeroAccess Check ==========

    [2009/07/23 02:23:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/10/01 13:00:00 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2006/10/01 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006/10/01 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2009/07/30 00:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado
    [2009/12/21 22:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\abgx360
    [2012/01/05 15:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Any Video Converter
    [2011/12/26 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
    [2012/01/18 04:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Balabolka
    [2011/03/30 17:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cacaoweb
    [2011/03/01 22:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
    [2009/10/14 23:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe_Limited
    [2013/04/08 16:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
    [2009/11/12 02:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ChessBase
    [2012/10/16 03:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DDMSettings
    [2009/07/23 04:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit
    [2010/06/22 02:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\funkitron
    [2009/08/04 15:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
    [2009/11/17 14:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gmail Backup
    [2010/01/14 01:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabIt
    [2009/11/04 22:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
    [2013/01/24 23:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kingsoft
    [2010/05/03 23:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Neoretix
    [2009/07/23 03:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2012/05/12 01:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
    [2010/03/10 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pdfsvg
    [2013/04/11 19:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrimoPDF
    [2010/03/11 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TamoSoft
    [2009/07/23 17:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
    [2009/11/17 14:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
    [2013/04/03 01:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2013/03/17 22:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
    [2011/08/04 13:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2013/03/23 20:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2011/02/14 22:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/12/02 16:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/10/14 23:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2009/11/12 02:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessBase
    [2011/07/09 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CodecCheck
    [2011/03/17 01:18:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/03/10 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Copistar
    [2009/12/23 06:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCenter
    [2009/08/04 15:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2012/10/16 03:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    [2011/07/11 07:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/01/24 23:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
    [2010/12/02 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/23 13:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPLMNB00
    [2012/10/16 20:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
    [2011/07/09 00:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
    [2010/07/21 05:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
    [2010/09/23 17:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/03/11 17:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TamoSoft
    [2009/07/23 04:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2013/01/16 23:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/07/23 03:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/08/25 02:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

    ========== Purity Check ==========



    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: Hitachi HDT725040VLA360
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 373.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    < %SYSTEMDRIVE%\*.* >
    [2011/12/16 04:22:53 | 000,000,287 | ---- | M] () -- C:\(C) MainDisc.lnk
    [2012/07/24 15:50:47 | 000,143,987 | ---- | M] () -- C:\aaw7boot.log
    [2009/07/23 02:04:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/07/23 01:58:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2009/02/09 19:24:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/02/09 19:24:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/09 19:24:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/10/01 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/10/01 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2012/12/19 21:09:16 | 530,579,456 | ---- | M] () -- C:\ophcrack-vista-livecd-3.4.0.iso
    [2013/04/16 22:27:27 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2013/03/05 14:42:15 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/10/01 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll
    [2006/08/09 12:04:00 | 000,025,036 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\OPLWPP3.DLL

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2010/02/18 17:23:03 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys
    [2010/02/18 17:06:42 | 000,642,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
    [2010/02/18 17:06:42 | 000,096,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd3021.sys

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2009/07/23 02:47:06 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/07/23 02:47:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/07/23 02:47:06 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\* >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2006/10/01 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2006/10/01 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

    < >
    [2009/07/23 02:02:14 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/07/23 02:06:09 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
    [2009/07/23 04:29:29 | 000,000,958 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500Core.job
    [2009/07/23 04:29:30 | 000,001,010 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500UA.job
    [2010/05/03 23:07:43 | 000,000,250 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2010/07/21 05:21:32 | 000,000,486 | ---- | C] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2011/03/22 03:10:52 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/22 03:10:53 | 000,000,900 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/24 23:44:04 | 000,000,378 | ---- | C] () -- C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
    [2013/03/08 20:20:53 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

    ========== Files - Unicode (All) ==========
    [2013/04/15 11:57:02 | 000,000,286 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\Tracing British History? By Alan Wilson.URL) -- C:\Documents and Settings\Administrator\Desktop\Tracing British History‏ By Alan Wilson.URL
    [2013/04/15 11:57:02 | 000,000,286 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\Tracing British History? By Alan Wilson.URL) -- C:\Documents and Settings\Administrator\Desktop\Tracing British History‏ By Alan Wilson.URL

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD}
    @Alternate Data Stream - 12 bytes -> C:\Documents and Settings\Administrator\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD7C5005
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >
     
  10. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    EXTRAS LOG :-

    OTL Extras logfile created on: 17/04/2013 16:46:03 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.02% Memory free
    3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.71% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 49.83 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

    Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Notepad] -- Reg Error: Key error.
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
    "F:\D-Link.exe" = F:\D-Link.exe:*:Enabled:Setup Wizard Template
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
    "C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
    "C:\Program Files\NWPS\NetScanTools\PROGRAM\NST32.exe" = C:\Program Files\NWPS\NetScanTools\PROGRAM\NST32.exe:*:Enabled:NetScanTools Program -- (Northwest Performance Software, Inc.)
    "C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" = C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Disabled:Medieval_TW -- (Creative Assembly)
    "C:\Program Files\WebFerret\WebFerret.exe" = C:\Program Files\WebFerret\WebFerret.exe:*:Enabled:WebFerret 6.0 -- (CNET Networks)
    "E:\D-Link.exe" = E:\D-Link.exe:*:Enabled:Setup Wizard Template
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
    "C:\Program Files\Adobe\Adobe Digital Editions\digitaleditions.exe" = C:\Program Files\Adobe\Adobe Digital Editions\digitaleditions.exe:*:Enabled:Adobe Digital Editions -- (Adobe Systems, Inc.)
    "C:\Program Files\SmartWhois\sw.exe" = C:\Program Files\SmartWhois\sw.exe:*:Enabled:SmartWhois -- (TamoSoft)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\vghd\bin\Virtuagirl_Downloader.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\vghd\bin\Virtuagirl_Downloader.exe:*:Enabled:DLManager
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200F62A0-CB7C-4F57-8E79-45D92E901DA2}" = GoGear SA3MXX Device Manager
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{284F3B48-63FC-4AB9-8FD9-18047839FC81}" = GoGear SA3MXX Device Manager
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
    "{2F143483-68D6-4234-9346-724056818193}" = ATI Catalyst Control Center
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
    "{3EE385C4-78B0-4952-9620-BBB8ABB7F9F7}" = Readon TV Movie Radio Player 7.0.0.0
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{507B0A37-D911-4965-A5A8-3B2568003310}" = Readon TV Movie Radio Player 5.9.0.0
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 2.5
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9509674F-3972-11DE-806D-005056806466}" = Google Earth
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AFAD9270-8FB4-4358-A199-662741E2A3B6}" = OKI B4400 Status Monitor
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
    "{ba1ff8e9-57c1-4edf-93d8-2aca354ff5b2}" = Graboid Video 3.55 Setup
    "{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
    "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
    "{BF448A52-C83E-455D-B5D3-FD9E964C9419}" = Sygate Personal Firewall Pro
    "{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
    "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
    "{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1
    "{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
    "{CA4112B4-D463-11D6-A50B-00105A9B8420}" = OKI Status Monitor
    "{CCD6072D-7813-40FD-88B3-ED1ACBCACECC}" = RuntimeLibsVC05
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
    "{D446C53D-1305-454D-B258-6D926C8B3C9E}" = Garmin City Navigator Europe NT 2009 Update
    "{D522E0A8-2862-49A7-90DC-231179A3DD61}" = Net Scan
    "{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
    "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
    "{FE250F55-8824-4B86-B2C6-317E7E928101}" = Belkin F5D5005 Gigabit Desktop PCI Card Driver
    "abgx360" = abgx360 v1.0.2
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro (remove only)
    "Agent Ransack_is1" = Agent Ransack Version 1.7.3
    "All ATI Software" = ATI - Software Uninstall Utility
    "All Video Converter_is1" = All Video Converter 1.0
    "Amusive Chess_is1" = Amusive Chess
    "Any Video Converter_is1" = Any Video Converter 2.6.2
    "AstroViewer 3.1.3" = AstroViewer 3.1.3
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.3
    "AVG Secure Search" = AVG Security Toolbar
    "AVG9Uninstall" = AVG Free 9.0
    "AVS Document Converter_is1" = AVS Document Converter 1.0.3
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "Balabolka" = Balabolka
    "BIMPLite" = BIMP Lite 1.62
    "BitTornado" = BitTornado 0.3.7
    "BlindWrite 5_is1" = BlindWrite5
    "CBLight 2009" = CBLight 2009
    "CommView" = CommView
    "Crossrider" = Crossrider Web Apps
    "dBpowerAMP Music Converter" = dBpowerAMP Music Converter
    "Delphi 2.0" = Delphi 2.0
    "Digital Editions" = Adobe Digital Editions
    "DigitalEditions" = Digital Editions Converter
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "ERUNT_is1" = ERUNT 1.1j
    "ESDX5000_CX4900 User's Guide" = ESDX5000_CX4900 User's Guide
    "ESET Online Scanner" = ESET Online Scanner v3
    "File Shredder_is1" = File Shredder 2.0
    "FolderSizes_is1" = FolderSizes 3.4
    "Foxit Reader_is1" = Foxit Reader
    "GIF Animator" = Microsoft GIF Animator
    "gmailbackup" = Gmail Backup
    "Google Chrome" = Google Chrome
    "Google Video Uploader" = Google Video Uploader
    "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
    "Graboid Video" = Graboid Video 3.55
    "HijackThis" = HijackThis 2.0.2
    "HTMLKit_is1" = HTML-Kit
    "ImgBurn" = ImgBurn
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "Kingsoft Office" = Kingsoft Office 2012 (8.1.0.3375)
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Max Data Recovery" = Max Data Recovery 1.7
    "Medieval - Total War (TM) - Viking Invasion (TM)" = Medieval - Total War (TM) - Viking Invasion (TM)
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "My Screen Recorder Pro_is1" = My Screen Recorder Pro 2.48
    "NetScanToolsV3.01" = NetScanTools 3.01
    "NetworkActiv PIAFCTM 1.5" = NetworkActiv PIAFCTM 1.5
    "nLite_is1" = nLite 1.4.9.1
    "Opera 12.14.1738" = Opera 12.14
    "Paint Shop Pro 6.0" = Paint Shop Pro 6.0 (ESD)
    "PoiEdit" = PoiEdit
    "Poker Superstars Invitational_is1" = Poker Superstars Invitational
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "PrimoPDF3.1" = PrimoPDF
    "Recuva" = Recuva (remove only)
    "Redtube Video Downloader_is1" = Redtube Video Downloader 3.23
    "Simple Family Tree" = Simple Family Tree (remove only)
    "SmartWhois" = SmartWhois
    "SpeedFan" = SpeedFan (remove only)
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "Starry Night CSAP" = Starry Night CSAP
    "Swiff Player_is1" = Swiff Player 1.5
    "Ultra WMV Converter_is1" = Ultra WMV Converter 2.1.2
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.1
    "WebFerret" = WebFerret
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.40
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "XoftSpy" = XoftSpy
    "ZSoft Uninstaller" = ZSoft Uninstaller 2.3.3

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Pawn 3" = Pawn 3

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/10/2012 23:19:15 | Computer Name = EXPERIENCE | Source = | ID = 0
    Description =

    Error - 16/10/2012 15:30:12 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application divx plus player.exe, version 10.3.3.16, faulting
    module qtcore4.dll, version 4.5.0.0, fault address 0x000e1b16.

    Error - 15/01/2013 20:08:17 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    safari.dll, version 5.33.20.27, fault address 0x000919b2.

    Error - 15/01/2013 20:27:21 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    safari.dll, version 5.33.20.27, fault address 0x000919b2.

    Error - 15/01/2013 21:44:47 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    safari.dll, version 5.33.20.27, fault address 0x000919b2.

    Error - 16/01/2013 21:02:08 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    unknown, version 0.0.0.0, fault address 0x7f17ad80.

    Error - 31/01/2013 18:03:32 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    safari.dll, version 5.33.20.27, fault address 0x000919b2.

    Error - 23/02/2013 21:30:55 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    unknown, version 0.0.0.0, fault address 0x7fce6d9c.

    Error - 23/02/2013 23:14:19 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    safari.dll, version 5.33.20.27, fault address 0x000919b2.

    Error - 27/02/2013 00:03:32 | Computer Name = EXPERIENCE | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.20.27, faulting module
    safari.dll, version 5.33.20.27, fault address 0x000919b2.

    [ System Events ]
    Error - 21/02/2010 03:10:05 | Computer Name = EXPERIENCE | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 23/02/2010 07:16:17 | Computer Name = EXPERIENCE | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 26/02/2010 03:17:16 | Computer Name = EXPERIENCE | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 28/02/2010 12:32:53 | Computer Name = EXPERIENCE | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 02/03/2010 14:40:51 | Computer Name = EXPERIENCE | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 06/03/2010 13:04:37 | Computer Name = EXPERIENCE | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 08/03/2010 13:38:40 | Computer Name = EXPERIENCE | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 13/03/2010 03:09:15 | Computer Name = EXPERIENCE | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer OKI B4400 share name Printer2.

    Error - 15/03/2010 08:49:19 | Computer Name = EXPERIENCE | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer OKI B4400 share name Printer2.

    Error - 19/03/2010 02:45:47 | Computer Name = EXPERIENCE | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer OKI B4400 share name Printer2.


    < End of report >
     
  11. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    ASWMBR LOG :-

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-04-17 17:01:50
    -----------------------------
    17:01:50.828 OS Version: Windows 5.1.2600 Service Pack 2
    17:01:50.828 Number of processors: 2 586 0xF06
    17:01:50.828 ComputerName: EXPERIENCE UserName:
    17:01:52.421 Initialize success
    17:02:32.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:02:32.687 Disk 0 Vendor: Hitachi_HDT725040VLA360 V5COA7EA Size: 381554MB BusType: 3
    17:02:32.765 Disk 0 MBR read successfully
    17:02:32.765 Disk 0 MBR scan
    17:02:32.765 Disk 0 Windows XP default MBR code
    17:02:32.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381543 MB offset 63
    17:02:32.765 Disk 0 scanning sectors +781401600
    17:02:32.796 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:02:36.765 Service scanning
    17:02:39.687 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
    17:02:43.890 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    17:02:45.765 Modules scanning
    17:03:17.593 Disk 0 trace - called modules:
    17:03:17.625 ntoskrnl.exe >>UNKNOWN [0x8a5cb9c0]<<
    17:03:17.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4abab8]
    17:03:17.625 \Driver\Disk[0x8a558f38] -> IRP_MJ_CREATE -> 0x8a5cb9c0
    17:03:17.625 Scan finished successfully
    17:03:44.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    17:03:44.546 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

    That's all done.

    Thanks very much for your time.
     
  12. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Hi Roy, I have sent messages to our Malware Guys. Sorry for the time delay.
     
  13. etavares

    etavares Malware Removal Specialist - Moderator Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, roy1972.
    My name is etavares and I will be helping you with this log.

    Here are some guidelines to ensure we are able to get your machine back under your control.

    • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
    • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
    • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
    • Please reply within 3 days to be fair to other people asking for help.
    • When in doubt, please stop and ask first. There's no harm in asking questions!


    P2P Warning and Request
    The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between them, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus best used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.

    Ask Toolbar Warning

    I see you have the Ask.Com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

    Please see here for more information:
    http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

    If you would like to remove it, please go to Add/Remove Programs and uninstall it.

    Step 1


    Please ZIP this file and attach it in your reply:
    C:\Documents and Settings\Administrator\Desktop\MBR.dat

    Also, did you edit your HOSTS file?



    Step 2

    Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

    Crossrider Web Apps


    Be sure to reboot when done.



    Step 3

    We need to run an OTL script.
    1. Please download OTL from one of the following mirrors if you do not still have it.
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Paste the following code under the Custom Scans/Fixes box at the bottom.
      Code:
      :OTL
      DRV - (WDICA) -- File not found
      DRV - (portio32) -- system32\drivers\portio32.sys File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (i2omgmt) -- File not found
      DRV - (Changer) -- File not found
      IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
      IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      FF - prefs.js..browser.startup.homepage: "http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43"
      FF - prefs.js..keyword.URL: "http://www.searchamong.com/searchvi...38ba09d0a9caf2367b43&cat=webs&bar=true&query="
      CHR - default_search_provider: search_url = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      CHR - homepage: http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
      O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
      @Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD}
      @Alternate Data Stream - 12 bytes -> C:\Documents and Settings\Administrator\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
      :files
      C:\Program Files\CrossriderWebApps
      C:\Documents and Settings\Administrator\Application Data\satoolbar.exe
      
    5. Click the Run Fix button at the top.
    6. let the program run unhindered and reboot when it is done.
    7. You will get a log when it is done, please post that in your reply.
    8. Please then create a new OTL report....
    9. Click the "Scan All Users" checkbox.
    10. Push the Run Scan button.
    11. A report will open, copy and paste it in a reply here.



    Step 4

    1. Download TDSSKiller.exe and save it to your desktop.
    2. Double-click TDSSKiller.exe to run it.
    3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
    4. Click Start scan and allow it to scan for Malicious objects.
    5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
    7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
    8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
      for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
    9. If no reboot is required, click on Report. A log file should appear.
    10. Please post the contents of the logfile in your next reply



    Step 5



    Next, please download ComboFix from one of these locations:
    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Double click on etavaresCF.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

    etavares
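To show in code the review the helper does by hand above (pulling the "File not found" driver, service and BHO entries and the searchamong.com search settings out of the OTL log into an :OTL fix block), here is an added Python triage script. It is not part of this thread or of the OTL tool; the sample lines are copied from the log posted here, and the allow-list of search hosts, the category names and the function names are assumptions made for the example.

```python
"""Triage helper for OTL log lines (added example, not the forum's or OTL's code).

It flags three things a malware helper looks for when reading an OTL log:
  * 'orphaned'      - a registry entry whose file is gone ("File not found")
  * 'no-company'    - a driver/service/module with an empty company field "()"
  * 'search-hijack' - a browser search/homepage setting pointing at a host that
                      is not on a small allow-list of known search providers
and renders the first and third into the ':OTL' section of an OTL custom fix,
the way the helper did above. 'no-company' entries are only reported, since an
empty company name is not proof of malware (NMSAccessU.exe in this log is benign).
"""
import re
from urllib.parse import urlparse

# Assumed allow-list for the example; extend it for the environment being triaged.
KNOWN_SEARCH_HOSTS = {"search.msn.com", "www.google.com", "www.bing.com", "search.yahoo.com"}

# Constructed sample: lines copied from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r"""
DRV - (WDICA) -- File not found
DRV - (portio32) -- system32\drivers\portio32.sys File not found
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
FF - prefs.js..browser.startup.homepage: "http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43"
CHR - homepage: http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll File not found
""".strip("\n")

# OTL line prefixes this example understands; everything else is ignored.
LINE_RE = re.compile(r"^(?P<kind>DRV|SRV|MOD|IE|FF|CHR|O2|O3|O20)\s+-\s+(?P<rest>.*)$")
URL_RE = re.compile(r'https?://[^\s"]+')


def classify_line(line):
    """Return (category, stripped_line) for a suspicious OTL line, or None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if rest.endswith("File not found"):
        return ("orphaned", line)
    if kind in ("IE", "FF", "CHR"):
        url = URL_RE.search(rest)
        if url:
            host = urlparse(url.group(0)).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                return ("search-hijack", line)
        return None
    if kind in ("DRV", "SRV", "MOD") and rest.endswith("()"):
        return ("no-company", line)
    return None


def triage(log_text):
    """Group every flagged line of an OTL log by category."""
    findings = {"orphaned": [], "no-company": [], "search-hijack": []}
    for line in log_text.splitlines():
        hit = classify_line(line)
        if hit:
            findings[hit[0]].append(hit[1])
    return findings


def build_otl_fix(findings):
    """Render the ':OTL' block of an OTL custom fix from orphaned and hijack entries.

    'no-company' entries are deliberately left out: they need a human decision.
    """
    return "\n".join([":OTL"] + findings["orphaned"] + findings["search-hijack"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, lines in result.items():
        print(f"{category}: {len(lines)} line(s)")
    print(build_otl_fix(result))
```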
     
  14. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    This is now being moved to Malware Removal where the usual rules apply. For the benefit of the member you should only reply to posts from etavares or, in his absence, Starbuck. You may ask another staff member for guidance in this thread on how to perform tasks but otherwise all posts other than yours or the experts will be removed.
     
  15. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Hi Etavares,

    Let me just say you guys offer amazing advice and I don't want you to be annoyed, but I became a little impatient and worried so went out and bought Norton 360 Gold Edition from PcWorld. I installed this last night and ran scans etc. Before purchasing this I had an old disk that came with my computer a few years back called MiniPE. I had this already in the cd drive prior to installing Norton and prior to posting on here. MiniPE allowed me to boot into XP pro from disk, thus avoiding any potential hacker in my system while I was also offline. I used this MiniPE at the time because I was using its built-in Windows Explorer to back up all my essential personal files on the computer.

    Now, like I said I ran Norton and it came back with LOTS of stuff - mostly on MiniPE disk! Also some were in my tools folder on my harddisk, and it also found a few in my windows system folder and one you not called Satoolbar.exe (mind spelling). I had no idea MiniPE was so infested as nothing before Norton came back with results.

    Now back to your advice. I have removed uTorrent as you requested. I have removed Ask.com, but a message came back saying it failed to unregister; it's gone from the hard disk nonetheless.

    I will not continue with the scans you suggest in Steps 3 onwards until you give me the go-ahead, seeing as I have installed and run Norton. I didn't realize this would cause problems with your advice given here, but if you need me to start again with something then I am happy to, or to continue with steps 3 onwards.

    I will post the zipped MBR log with this post as you requested. And NO, I didn't edit any hosts file, nor do I know anything about it!

    Please tell me how you want me to proceed. I will do nothing else with my computer until you tell me to.

    Thanks for your help. :)
     

    Attached Files: MBR.zip (499 bytes)
  16. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Also I would add that I removed Crossrider Web Apps as you suggested and rebooted. Also, just to clarify, I now only have Norton 360 Gold doing everything, as I removed both the Sygate firewall and AVG. I do have SuperAntiSpyware running alongside Norton.

    Meant to put that in my reply - remember I have attached MBR log to above reply.

    Thanks again.
     
  17. etavares

    etavares Malware Removal Specialist - Moderator Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hi roy1972,

    Thanks for the update! Since things have changed, let's get another look at your system before we start to change anything. Please launch OTL like before and copy the bold text below into the custom scan/fix area:

    DRIVES
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


    Then, press Run Scan.

    This time, only one log will open (OTL.txt). Please copy/paste the contents of that in your reply and I'll cross reference it with my previous notes and reply back with updated instructions.

    -etavares
     
  18. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Hi Etavares,

    Here is my recent OTL log :-

    OTL logfile created on: 21/04/2013 12:07:02 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.06% Memory free
    3.85 Gb Paging File | 2.66 Gb Available in Paging File | 68.98% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 45.63 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
    Drive E: | 3.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe ()
    PRC - C:\Program Files\Norton 360\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
    MOD - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe ()
    MOD - C:\Program Files\Foxit Software\Foxit Reader\plugins\Speech.fpi ()
    MOD - C:\Program Files\Norton 360\Engine\20.3.1.22\wincfi39.dll ()
    MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\bb044cd004af2e4fb1375e507a27db56\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\666b46e6cb9abe4dbe6c6dfcc8568cf3\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\1a030f7a6283454da01a2b1af8e577ff\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\68797bd1efbfae44bff716cb63911472\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\36d9e0cf6c5af34f987c77820faa0084\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5d3d529b23845f47993cc1fd34f294fa\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\42c974e2ff259548b7a092975e4f9334\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\Program Files\File Shredder\fsshell.dll ()
    MOD - C:\WINDOWS\system32\Primomonnt.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (N360) -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (portio32) -- system32\drivers\portio32.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130420.003\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130420.003\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130419.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symtdi.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symefa.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\1403010.016\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\1403010.016\srtspx.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symds.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\1403010.016\ironx86.sys (Symantec Corporation)
    DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\1403010.016\ccsetx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
    DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (Pcatip) -- C:\WINDOWS\system32\drivers\Pcatip.sys (VSO Software)
    DRV - (CV2K1) -- C:\WINDOWS\system32\drivers\cv2k1.sys (TamoSoft, Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (se27unic) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
    DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
    DRV - (se27nd5) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
    DRV - (SE27mgmt) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
    DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
    DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
    DRV - (SE27bus) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
    DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (ts_lb) -- C:\WINDOWS\system32\drivers\ts_lb.sys (TamoSoft, Inc.)
    DRV - (viaagp1) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
    IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43"
    FF - prefs.js..extensions.enabledAddons: %7B3DB5ABE1-407D-458F-AD5D-8D89BD625CCC%7D:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
    FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
    FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
    FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.3.19
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.100008
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
    FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {f4fd6a58-532e-b9e7-a3fd-8c4b3e7bedd3}:4.6.6.8
    FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.1
    FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
    FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.72.10
    FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
    FF - prefs.js..keyword.URL: "http://www.searchamong.com/searchvi...38ba09d0a9caf2367b43&cat=webs&bar=true&query="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox [2011/07/09 00:23:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/16 03:08:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/04/19 20:51:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/04/21 10:12:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 01:23:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 01:23:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/17 14:47:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/21 00:27:54 | 000,000,000 | ---D | M]

    [2009/07/23 03:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/07/30 19:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\daftbackup delete if all well\Profiles\n9tszq57.default\extensions
    [2013/04/20 11:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions
    [2011/05/11 01:17:58 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
    [2013/04/10 22:53:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/03/16 06:23:29 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
    [2013/02/25 15:11:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/12/27 02:13:17 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2011/04/26 23:00:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\illimitux@illimitux.net
    [2013/03/10 21:38:57 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\artur.dubovoy@gmail.com.xpi
    [2013/02/23 20:32:13 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\firebug@software.joehewitt.com.xpi
    [2013/02/15 20:39:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/04/20 01:26:58 | 000,002,534 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\safesearch.xml
    [2009/10/06 21:55:31 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchalot.xml
    [2009/10/06 21:56:45 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchgeek.xml
    [2009/10/06 21:56:25 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\snappy-words.xml
    [2012/10/16 03:20:23 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\Web Search.xml
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{f4fd6a58-532e-b9e7-a3fd-8c4b3e7bedd3}
    [2013/04/21 10:12:49 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
    [2013/04/19 20:51:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
    [2013/04/12 01:23:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/12/27 02:13:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 20:53:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3\
    CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.5_0\
    CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
    CHR - Extension: Ghostery = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2010/09/21 17:52:14 | 000,785,565 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 .impresionesweb.com
    O1 - Hosts: 127.0.0.1 .banners.publipagos.com
    O1 - Hosts: 127.0.0.1 .publipagos.com
    O1 - Hosts: 127.0.0.1 v3.publipagos.com
    O1 - Hosts: 127.0.0.1 red.as-eu.falkag.net
    O1 - Hosts: 127.0.0.1 .googlesyndication.com
    O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
    O1 - Hosts: 127.0.0.1 pagead1.googlesyndication.com
    O1 - Hosts: 127.0.0.1 morannon.fok.nl
    O1 - Hosts: 127.0.0.1 ad.firstadsolution.com
    O1 - Hosts: 127.0.0.1 .clicktorrent.info
    O1 - Hosts: 127.0.0.1 .aavc.com
    O1 - Hosts: 127.0.0.1 .acjp.com
    O1 - Hosts: 127.0.0.1 .ebav.com
    O1 - Hosts: 127.0.0.1 .ebaw.com
    O1 - Hosts: 127.0.0.1 .ebch.com
    O1 - Hosts: 127.0.0.1 .ebdv.com
    O1 - Hosts: 127.0.0.1 .ebdw.com
    O1 - Hosts: 127.0.0.1 .ebgo.com
    O1 - Hosts: 127.0.0.1 .ebjp.com
    O1 - Hosts: 127.0.0.1 .ebkb.com
    O1 - Hosts: 127.0.0.1 .ebkn.com
    O1 - Hosts: 127.0.0.1 .ebky.com
    O1 - Hosts: 127.0.0.1 .eblv.com
    O1 - Hosts: 26658 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk = C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C6BF1D7-281C-461D-A3F1-48F07ED56B84}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/23 02:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell\AutoRun\command - "" = G:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/21 11:17:45 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
    [2013/04/21 10:08:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2013/04/20 12:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Steps done so far
    [2013/04/20 11:54:03 | 005,057,575 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\etavaresCF.exe
    [2013/04/20 11:49:32 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2013/04/20 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Help against hacker in my system -computer forums_files
    [2013/04/20 02:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2013/04/20 01:03:26 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
    [2013/04/20 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
    [2013/04/20 00:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
    [2013/04/20 00:35:52 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.sys
    [2013/04/20 00:35:52 | 000,394,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symtdi.sys
    [2013/04/20 00:35:52 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.sys
    [2013/04/20 00:35:52 | 000,350,368 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symtdiv.sys
    [2013/04/20 00:35:52 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnets.sys
    [2013/04/20 00:35:52 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.sys
    [2013/04/20 00:35:52 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.sys
    [2013/04/20 00:35:51 | 000,602,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.sys
    [2013/04/20 00:35:51 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\ironx86.sys
    [2013/04/20 00:35:51 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.sys
    [2013/04/20 00:35:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\1403010.016
    [2013/04/19 20:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
    [2013/04/19 20:50:21 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2013/04/19 20:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/04/19 20:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/04/19 20:49:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2013/04/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2013/04/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
    [2013/04/19 20:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2013/04/19 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2013/04/19 20:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2013/04/19 19:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Windows 7 Upgrade advisor reports
    [2013/04/19 19:27:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
    [2013/04/19 19:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
    [2013/04/19 12:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GOT
    [2013/04/19 11:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DONE
    [2013/04/18 01:16:59 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
    [2013/04/16 19:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/04/16 19:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/14 07:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2013/04/12 19:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
    [2013/04/12 01:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/04/08 02:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    [2012/10/16 03:20:00 | 000,442,048 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Administrator\Application Data\vioer.exe
    [2012/10/16 03:19:38 | 006,312,677 | ---- | C] (VIO ) -- C:\Documents and Settings\Administrator\Application Data\vio_clean.exe
    [2009/07/23 03:42:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/21 11:59:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_Administrator.job
    [2013/04/21 11:54:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/21 11:47:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500UA.job
    [2013/04/21 11:30:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/04/21 10:13:03 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/21 10:12:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/04/21 03:47:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500Core.job
    [2013/04/20 14:04:01 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Matthew of Westminster (pre1800s).lnk
    [2013/04/20 14:04:01 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Matthew Paris (1200s).lnk
    [2013/04/20 12:29:58 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Security 2013.lnk
    [2013/04/20 11:54:41 | 005,057,575 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\etavaresCF.exe
    [2013/04/20 11:49:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2013/04/20 11:45:54 | 000,196,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Help against hacker in my system -computer forums.htm
    [2013/04/20 11:23:42 | 000,000,287 | ---- | M] () -- C:\(C) MainDisc.lnk
    [2013/04/20 02:01:36 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/04/20 01:54:58 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/04/20 01:30:30 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2013/04/20 01:08:23 | 000,628,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\Cat.DB
    [2013/04/20 01:08:07 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\VT20130115.021
    [2013/04/20 01:04:07 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
    [2013/04/19 20:50:21 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2013/04/19 20:50:21 | 000,007,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2013/04/19 20:50:21 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2013/04/19 19:15:02 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\books - NEW.lnk
    [2013/04/19 18:55:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/04/19 13:54:05 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tcpvcon.exe.lnk
    [2013/04/19 13:54:01 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tcpview.exe.lnk
    [2013/04/19 11:34:48 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TRANS333.lnk
    [2013/04/17 17:03:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2013/04/17 15:49:46 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2013/04/17 05:16:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2013/04/16 19:25:22 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/16 19:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/15 17:04:00 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/13 00:23:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/04/12 23:53:56 | 000,186,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/08 02:14:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/04/03 09:21:26 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\isolate.ini
    [2013/03/31 20:09:51 | 000,392,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/31 20:09:51 | 000,058,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/20 14:04:01 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Matthew of Westminster (pre1800s).lnk
    [2013/04/20 14:04:01 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Matthew Paris (1200s).lnk
    [2013/04/20 12:29:58 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Security 2013.lnk
    [2013/04/20 11:45:53 | 000,196,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Help against hacker in my system -computer forums.htm
    [2013/04/20 11:23:42 | 000,000,287 | ---- | C] () -- C:\(C) MainDisc.lnk
    [2013/04/20 02:01:35 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/04/20 01:08:07 | 000,628,057 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\Cat.DB
    [2013/04/20 01:08:07 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\VT20130115.021
    [2013/04/20 00:35:52 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.cat
    [2013/04/20 00:35:52 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnetv.cat
    [2013/04/20 00:35:52 | 000,007,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnet.cat
    [2013/04/20 00:35:52 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.cat
    [2013/04/20 00:35:52 | 000,007,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.cat
    [2013/04/20 00:35:52 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.inf
    [2013/04/20 00:35:52 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.inf
    [2013/04/20 00:35:52 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnetv.inf
    [2013/04/20 00:35:52 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnet.inf
    [2013/04/20 00:35:52 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.inf
    [2013/04/20 00:35:52 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.inf
    [2013/04/20 00:35:51 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.cat
    [2013/04/20 00:35:51 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\iron.cat
    [2013/04/20 00:35:51 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.cat
    [2013/04/20 00:35:51 | 000,007,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.cat
    [2013/04/20 00:35:51 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.inf
    [2013/04/20 00:35:51 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.inf
    [2013/04/20 00:35:51 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\iron.inf
    [2013/04/20 00:35:27 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symvtcer.dat
    [2013/04/20 00:35:27 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\isolate.ini
    [2013/04/19 20:50:21 | 000,007,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2013/04/19 20:50:21 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2013/04/19 19:15:02 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\books - NEW.lnk
    [2013/04/19 13:54:05 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tcpvcon.exe.lnk
    [2013/04/19 13:54:01 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tcpview.exe.lnk
    [2013/04/19 11:34:48 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TRANS333.lnk
    [2013/04/17 17:03:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2013/04/16 19:25:22 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/15 17:03:58 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/08 02:14:02 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2012/08/10 18:28:54 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
    [2011/10/29 01:43:44 | 000,179,712 | ---- | C] () -- C:\WINDOWS\System32\DPUNINST.DLL
    [2011/06/06 07:03:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/06/06 07:03:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/21 09:29:13 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2011/01/05 00:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\AstroViewer 3.1.3-Path
    [2009/09/30 16:11:14 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
    [2009/07/25 18:31:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\.gtk-bookmarks
    [2009/07/25 18:29:06 | 000,205,905 | ---- | C] () -- C:\Documents and Settings\Administrator\.fonts.cache-1
    [2009/07/23 04:02:43 | 000,186,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/23 03:43:04 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
    [2009/07/23 03:42:37 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
    [2009/07/23 03:42:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
    [2009/07/23 03:42:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf

    ========== ZeroAccess Check ==========

    [2009/07/23 02:23:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/10/01 13:00:00 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2006/10/01 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006/10/01 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: Hitachi HDT725040VLA360
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 373.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    < %SYSTEMDRIVE%\*.* >
    [2013/04/20 11:23:42 | 000,000,287 | ---- | M] () -- C:\(C) MainDisc.lnk
    [2012/07/24 15:50:47 | 000,143,987 | ---- | M] () -- C:\aaw7boot.log
    [2009/07/23 02:04:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2013/04/20 01:30:30 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2009/02/09 19:24:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/02/09 19:24:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/09 19:24:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/10/01 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/10/01 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2012/12/19 21:09:16 | 530,579,456 | ---- | M] () -- C:\ophcrack-vista-livecd-3.4.0.iso
    [2013/04/21 10:11:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2013/03/05 14:42:15 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/10/01 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll
    [2006/08/09 12:04:00 | 000,025,036 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\OPLWPP3.DLL

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2009/07/23 02:47:06 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/07/23 02:47:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/07/23 02:47:06 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\* >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2006/10/01 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2006/10/01 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD}
    @Alternate Data Stream - 12 bytes -> C:\Documents and Settings\Administrator\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD7C5005
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >


    Thanks.
     
  19. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, roy1972.



    There's a lot of leftover junk. I did update it a bit.

    Step 1

    We need to run an OTL script.
    1. Please download OTL from one of the following mirrors if you do not already have it.
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Paste the following code under the Custom Scans/Fixes box at the bottom.
      Code:
      :OTL
      DRV - (WDICA) -- File not found
      DRV - (portio32) -- system32\drivers\portio32.sys File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (i2omgmt) -- File not found
      DRV - (Changer) -- File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
      O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
      O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD}
      @Alternate Data Stream - 12 bytes -> C:\Documents and Settings\Administrator\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD7C5005
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
      IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      FF - prefs.js..browser.startup.homepage: "http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43"
      FF - prefs.js..keyword.URL: "http://www.searchamong.com/searchvi...38ba09d0a9caf2367b43&cat=webs&bar=true&query="
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.100008
      FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.72.10
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox [2011/07/09 00:23:37 | 000,000,000 | ---D | M]
      CHR - default_search_provider: search_url = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
      CHR - homepage: http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43
      CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0\crossrider
      CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0\
      CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3\crossrider
      CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3\
      :files
      C:\Program Files\CrossriderWebApps
      C:\Documents and Settings\Administrator\Application Data\satoolbar.exe
      
    5. Click the Run Fix button at the top.
    6. Let the program run unhindered and reboot when it is done.
    7. You will get a log when it is done; please post that in your reply.
    8. Please then create a new OTL report.
    9. Click the "Scan All Users" checkbox.
    10. Push the Run Scan button.
    11. A report will open; copy and paste it in a reply here.



    Step 2

    1. Download TDSSKiller.exe and save it to your desktop.
    2. Double-click TDSSKiller.exe to run it.
    3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
    4. Click Start scan and allow it to scan for Malicious objects.
    5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
    7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
    8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
      for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
    9. If no reboot is required, click on Report. A log file should appear.
    10. Please post the contents of the logfile in your next reply



    Step 3



    Next, please download ComboFix from one of these locations:
    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Double click on etavaresCF.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

    etavares
     
  20. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Hi Etavares,

    Completed all steps you requested in last post. Below are my logs and I will post each one separately.

    RunFix Log No 1 :-

    ========== OTL ==========
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    File File not found not found.
    Service portio32 stopped successfully!
    Service portio32 deleted successfully!
    File system32\drivers\portio32.sys File not found not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    File File not found not found.
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    File File not found not found.
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    File File not found not found.
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    File File not found not found.
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    File File not found not found.
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    File File not found not found.
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    File File not found not found.
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    File File not found not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A876E312-7D08-401a-B7A6-FAFC5DC2F292}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A876E312-7D08-401a-B7A6-FAFC5DC2F292}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
    ADS C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD} deleted successfully.
    ADS C:\Documents and Settings\Administrator\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:CD7C5005 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
    Prefs.js: "http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43" removed from browser.startup.homepage
    Prefs.js: "http://www.searchamong.com/searchvi...38ba09d0a9caf2367b43&cat=webs&bar=true&query=" removed from keyword.URL
    Prefs.js: toolbar@ask.com:3.8.0.100008 removed from extensions.enabledItems
    Prefs.js: crossriderapp435@crossrider.com:0.72.10 removed from extensions.enabledItems
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\skin folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\locale\en-US folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\locale folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\defaults\preferences folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\defaults folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\chrome\content\lib\facebox\Images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\chrome\content\lib\facebox folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\chrome\content\lib folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\chrome\content folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox\chrome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox folder moved successfully.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to change the HomePage.
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0\crossrider not found.
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_0 not found.
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3\crossrider not found.
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.70_3 not found.
    ========== FILES ==========
    File\Folder C:\Program Files\CrossriderWebApps not found.
    File\Folder C:\Documents and Settings\Administrator\Application Data\satoolbar.exe not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 04222013_152025
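Reading a long OTL fix log by hand makes it easy to miss the one line that reports a failure. This added Python example (not part of the thread, and not OTL's own code) parses the line shapes seen in the log above into records and lists the targets the fix could not remove; the sample log is a constructed subset of the lines posted above.

```python
import re

# Constructed sample: a subset of the OTL "Run Fix" log lines posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Service portio32 stopped successfully!
Service portio32 deleted successfully!
File system32\drivers\portio32.sys File not found not found.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
ADS C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD} deleted successfully.
Prefs.js: toolbar@ask.com:3.8.0.100008 removed from extensions.enabledItems
C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\CrossriderWebApps not found.
"""

KINDS = r"Service|Registry key|Registry value|ADS|File\\Folder|File"
# (regex, outcome, kind used when the line carries no kind prefix); first match wins
RULES = [
    (re.compile(r"^Unable to \w+ (?P<kind>\S+) (?P<target>.+?)\s*\.?$"), "FAILED", "?"),
    (re.compile(rf"^(?P<kind>{KINDS}) (?P<target>.+?) not found\.$"), "NOT_FOUND", "?"),
    (re.compile(rf"^(?P<kind>{KINDS}) (?P<target>.+?) (?:deleted|stopped) successfully[.!]$"), "OK", "?"),
    (re.compile(r"^(?P<target>.+?) folder moved successfully\.$"), "OK", "Folder"),
    (re.compile(r"^(?P<kind>Prefs\.js): (?P<target>.+?) removed from \S+$"), "OK", "?"),
]


def parse_otl_fix_log(text):
    """Return one (kind, target, outcome) tuple per action line; section headers are skipped."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("=========="):
            continue
        for rx, outcome, default_kind in RULES:
            m = rx.match(line)
            if m:
                target = m["target"]
                # OTL prints "File not found" in place of a path it never had on record.
                if target.endswith("File not found"):
                    target = target[: -len("File not found")].strip() or "<no path recorded>"
                records.append((m.groupdict().get("kind") or default_kind, target, outcome))
                break
        else:
            records.append(("?", line, "UNPARSED"))  # unknown line shape: surface it, don't drop it
    return records


def remaining_artifacts(records):
    """Targets the fix script reported it could not remove; these still need attention."""
    return [(kind, target) for kind, target, outcome in records if outcome == "FAILED"]
```

Run on the full log above, the failed ADS under All Users\Application Data is the one item left for a follow-up pass.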
     
