Redirected from Google search results to other malicious websites

Solved
By across151
Dec 8, 2010
  1. Broni

    Broni Malware Annihilator Posts: 46,141   +251

  2. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    I ran the Norton Removal Tool successfully.


    OTL logfile created on: 12/14/2010 5:39:06 PM - Run 5
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.26 Gb Total Space | 31.57 Gb Free Space | 10.88% Space Free | Partition Type: NTFS

    Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
    SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
    SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
    DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
    DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 20:05:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 10:07:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/13 17:33:46 | 000,000,000 | ---D | M]

    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/12/14 16:55:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
    [2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/21 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
    [2010/12/14 16:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/12 11:12:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKCU..\Run: [cdloader] C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/13 17:31:48 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/12/13 17:31:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/12 21:33:50 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\tjnet
    [2010/12/12 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\magicJack
    [2010/12/12 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
    [2010/12/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
    [2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
    [2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
    [2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
    [2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
    [2010/11/17 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/17 18:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
    [2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
    [2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
    [2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
    [2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
    [2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
    [2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
    [2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
    [2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
    [2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
    [2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/14 17:37:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/14 17:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/14 17:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/14 17:31:51 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/14 17:31:51 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/14 17:29:58 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
    [2010/12/14 17:29:32 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
    [2010/12/12 20:36:03 | 000,050,176 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/12 20:12:10 | 000,073,449 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
    [2010/12/12 19:25:39 | 000,000,937 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
    [2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2010/11/17 18:11:58 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/16 20:46:48 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/14 17:30:32 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
    [2010/12/14 17:30:31 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
    [2010/12/12 20:12:09 | 000,073,449 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
    [2010/12/12 19:25:39 | 000,000,937 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
    [2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
    [2010/11/17 18:11:58 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/16 20:46:48 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
    [2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
    [2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
    [2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
    [2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
    [2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/06/10 18:22:01 | 000,050,176 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
    [2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
    [2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
    [2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
    [2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
    [2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
    [2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
    [2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
    [2009/06/10 19:00:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
    [2010/12/14 17:35:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
    [2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
    [2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
    [2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
    [2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
    [2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
    [2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
    [2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
    [2010/12/12 19:25:40 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
    [2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
    [2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
    [2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
    [2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
    [2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
    [2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
    [2010/12/14 17:36:13 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
  3. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 64 bytes -> C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    More scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
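An added example for this page (not code from OTL, OldTimer, or anyone in the thread): a short Python triage script for OTL report lines of the kind posted above. It parses the `[date | size | attrs | C/M] (Company) -- path` file entries and the `@Alternate Data Stream` lines, applies a few review rules, and emits the `:OTL` part of a fix script in the same form as the one pasted above. The sample input is copied from the log in this thread and is labelled as a constructed sample; the hidden+system-in-System32 rule and the 512-byte "too small to be a PE image" threshold are this example's own assumptions, not OTL rules, and a flag means "look at this", not "malicious".

```python
"""Triage helper for OTL report lines.

Added example for this thread, not part of OTL or of any post in it. Parses
the file entries and ADS lines OTL prints, applies review rules, and emits
the ':OTL' section of a fix script that removes the ADS entries.
"""
import re
from dataclasses import dataclass, field

# File/directory entry: attrs is four positions (R, H, S, D or '-'); the
# C/M column says whether the line came from a Created or Modified section.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

SYSTEM32 = "c:\\windows\\system32\\"
# A PE image needs a DOS header, PE headers and at least one section, so a .sys
# below this size cannot be a loadable driver. Threshold is this example's
# assumption, not an OTL rule.
MIN_PE_BYTES = 512

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""[2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/14 17:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
[2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
@Alternate Data Stream - 64 bytes -> C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
"""


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)
    otl_line: str = ""  # verbatim report line to paste into an OTL fix, if any


def parse_line(line):
    """Classify one report line as ('file', fields), ('ads', fields) or (None, None)."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))
        d["company"] = (d["company"] or "").strip()
        return "file", d
    m = ADS_RE.match(line)
    if m:
        d = m.groupdict()
        d["size"] = int(d["size"])
        return "ads", d
    return None, None


def triage(lines):
    """Apply the review rules to OTL lines; return one Finding per flagged path."""
    findings = {}

    def flag(path, reason, otl_line=""):
        f = findings.setdefault(path, Finding(path))
        f.reasons.append(reason)
        if otl_line:
            f.otl_line = otl_line

    for line in lines:
        kind, d = parse_line(line)
        if kind == "ads":
            # OTL removes an ADS when given its report line verbatim under :OTL.
            flag(d["path"], "alternate data stream (%d bytes)" % d["size"], line.strip())
        elif kind == "file" and "D" not in d["attrs"]:
            attrs, path = d["attrs"], d["path"]
            lower = path.lower()
            if "H" in attrs and "S" in attrs and lower.startswith(SYSTEM32):
                flag(path, "hidden+system file in System32 (attrs %s)" % attrs)
            if lower.endswith(".sys") and "\\drivers\\" in lower and d["size"] < MIN_PE_BYTES:
                flag(path, "%d-byte .sys is too small to be a PE driver image" % d["size"])
    return list(findings.values())


def build_otl_fix(findings):
    """Build the :OTL section for the ADS findings only.

    File deletions are deliberately left out: OTL's :Files section removes
    whatever it is given, so those lines stay a human decision, as in the thread.
    """
    body = [":OTL"] + [f.otl_line for f in findings if f.otl_line]
    body += [":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(body)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f.path, "->", "; ".join(f.reasons))
    print(build_otl_fix(found))
```

On the sample, the three ADS lines, `tavagato.dll`, `fbd.sys` and `taishop.sys` are flagged; `ntuser.pol` is hidden+system but outside System32, and `bootstat.dat` is system-only, so neither is flagged. The generated `:OTL` section carries only the ADS lines, which is exactly the part of Broni's fix that OTL can act on verbatim.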
  4. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    OTL Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default.Default-PC
    ->Temp folder emptied: 26518362 bytes
    ->Temporary Internet Files folder emptied: 53192092 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 107027596 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 21254 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5776 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 178.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Default.Default-PC
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12152010_182026

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...





    Security Check Log

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 8.2.3
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````







    BitDefender QuickScan Log

    QuickScan Beta 32-bit v0.9.9.52
    -------------------------------
    Scan date: Wed Dec 15 18:30:45 2010
    Machine ID: 78135D2F



    No infection found.
    -------------------



    Processes
    ---------
    ConfigFree(TM) 1488 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    Firefox 1472 C:\Program Files\Mozilla Firefox\firefox.exe
    Firefox 1440 C:\Program Files\Mozilla Firefox\plugin-container.exe
    Microsoft® .NET Framework 976 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    Microsoft® Windows Live ID 2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    Microsoft® Windows Live ID 3352 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    Microsoft® Windows® Operating System 3236 C:\Program Files\Windows Media Player\wmpnetwk.exe
    Microsoft® Windows® Operating System 2868 C:\Program Files\Windows Media Player\wmpnscfg.exe
    Microsoft® Windows® Operating System 3244 C:\Windows\ehome\ehmsas.exe
    Microsoft® Windows® Operating System 2856 C:\Windows\ehome\ehtray.exe
    Microsoft® Windows® Operating System 1736 C:\Windows\explorer.exe
    Microsoft® Windows® Operating System 620 C:\Windows\System32\csrss.exe
    Microsoft® Windows® Operating System 692 C:\Windows\System32\csrss.exe
    Microsoft® Windows® Operating System 1996 C:\Windows\System32\dwm.exe
    Microsoft® Windows® Operating System 736 C:\Windows\System32\lsass.exe
    Microsoft® Windows® Operating System 744 C:\Windows\System32\lsm.exe
    Microsoft® Windows® Operating System 724 C:\Windows\System32\services.exe
    Microsoft® Windows® Operating System 1376 C:\Windows\System32\SLsvc.exe
    Microsoft® Windows® Operating System 548 C:\Windows\System32\smss.exe
    Microsoft® Windows® Operating System 1844 C:\Windows\System32\spoolsv.exe
    Microsoft® Windows® Operating System 484 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1432 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1616 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 936 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1156 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1068 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1252 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1352 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1192 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1880 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2148 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2280 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 124 C:\Windows\System32\taskeng.exe
    Microsoft® Windows® Operating System 828 C:\Windows\System32\taskeng.exe
    Microsoft® Windows® Operating System 1964 C:\Windows\System32\wbem\WmiPrvSE.exe
    Microsoft® Windows® Operating System 2604 C:\Windows\System32\wercon.exe
    Microsoft® Windows® Operating System 680 C:\Windows\System32\wininit.exe
    Microsoft® Windows® Operating System 852 C:\Windows\System32\winlogon.exe
    Microsoft® Windows® Operating System 1096 C:\Windows\System32\wuauclt.exe
    MobileDeviceService 944 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PnkBstrA.exe 1888 C:\Windows\System32\PnkBstrA.exe
    TOSHIBA Power Saver 2184 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    Windows® Search 3520 C:\Windows\System32\SearchFilterHost.exe
    Windows® Search 2388 C:\Windows\System32\SearchIndexer.exe
    Windows® Search 1988 C:\Windows\System32\SearchProtocolHost.exe


    Network activity
    ----------------
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 184.86.88.74
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 74.125.45.101
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 74.125.67.149
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 8.18.45.80
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 24.143.205.185
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 69.63.189.16
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 24.143.205.24
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 74.125.45.101
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 24.143.205.178
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 65.61.163.44
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 66.235.142.20
    Process firefox.exe (1472) connected on port 80 (HTTP) --> 91.199.104.31

    Process wininit.exe (680) listens on ports: 49152 (RPC)
    Process services.exe (724) listens on ports: 49156 (RPC)
    Process lsass.exe (736) listens on ports: 49155 (RPC)
    Process svchost.exe (1020) listens on ports: 135 (RPC)
    Process svchost.exe (1156) listens on ports: 49153 (RPC)
    Process svchost.exe (1252) listens on ports: 49154 (RPC)


    Autoruns and critical files
    ---------------------------
    cdloader2 C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe
    GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
    Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
    Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    Windows® Internet Explorer C:\Windows\System32\webcheck.dll


    Browser plugins
    ---------------
    2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
    Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    BitDefender QuickScan C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    Java Deployment Toolkit 6.0.230.5 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    JuniperSetupClientCtrlUninstaller.exe C:\Windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
    Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
    Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
    Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    Windows® Internet Explorer C:\Windows\System32\ieframe.dll
    Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
    Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


    Missing files
    -------------
    File not found: C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys
    --> HKLM\System\ControlSet001\services\catchme\"ImagePath"

    File not found: C:\Windows\System32\appmgmts.dll
    --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

    File not found: C:\Windows\system32\FastUv32.dll
    --> HKLM\System\ControlSet001\services\FastUserSwitchingCompatibility\Parameters\"ServiceDll"

    File not found: NDSTray.exe
    --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NDSTray.exe"

    File not found: system32\DRIVERS\ipinip.sys
    --> HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

    File not found: system32\DRIVERS\nwlnkflt.sys
    --> HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

    File not found: system32\DRIVERS\nwlnkfwd.sys
    --> HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 8 sec
    Total traffic - 0.07 MB sent, 636.10 KB recvd
    Scanned 1345 files and modules - 28 seconds

    ==============================================================================
  5. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [IMG]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button

    ==================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL, as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  6. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    I still have the downloading problem where I download something and, as soon as the download is finished, the file disappears; even a file search turned up nothing.

    I'm also still getting the "you need permission" error while reinstalling ESET; the same error pops up when I try to delete the folder too.




    OTL Log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default.Default-PC
    ->Temp folder emptied: 83273154 bytes
    ->Temporary Internet Files folder emptied: 1654663 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41812005 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1644 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6484 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 121.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Default.Default-PC
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.17.3 log created on 12162010_164241

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  7. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Create a new user account with admin rights and see if you have the same issues.
  8. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    Done, still no change; I can't install a new antivirus while ESET is still there.
  9. Broni

    Broni Malware Annihilator Posts: 46,141   +251

  10. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    ESET didn't appear on Revo Uninstaller's list, so I did a forced uninstall by using the path to the ESET folder. It appeared to have worked, but after the restart it's still there and still won't reinstall.

    I've also noticed that my entire hard drive has "read only" checked in Properties, but I can still delete other folders, just not ESET.

    Also, I have resolved the downloading issue by bypassing a security check done by Windows on browser downloads.




    OTL logfile created on: 12/17/2010 6:25:37 PM - Run 6
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.26 Gb Total Space | 28.93 Gb Free Space | 9.97% Space Free | Partition Type: NTFS

    Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/14 16:27:24 | 015,103,424 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
    PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/21 06:42:56 | 001,957,376 | ---- | M] () -- C:\Program Files\foobar2000\foobar2000.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/20 21:24:43 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
    PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
    SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
    SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
    DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
    DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 20:05:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 16:38:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/17 18:06:54 | 000,000,000 | ---D | M]

    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/12/16 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
    [2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/15 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/12/16 17:38:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/14 21:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKCU..\Run: [cdloader] C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/17 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\VS Revo Group
    [2010/12/17 18:02:10 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
    [2010/12/17 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2010/12/17 16:15:18 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
    [2010/12/16 16:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/12/16 16:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/12/15 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
    [2010/12/15 18:20:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/15 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\JavaRa
    [2010/12/13 17:31:48 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/12/13 17:31:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/12 21:33:50 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\tjnet
    [2010/12/12 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\magicJack
    [2010/12/12 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
    [2010/12/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
    [2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
    [2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
    [2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
    [2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
    [2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
    [2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
    [2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
    [2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
    [2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
    [2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
    [2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
    [2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
    [2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
    [2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
    [2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/17 18:24:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/17 18:24:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/17 18:15:58 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/17 18:15:58 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/17 18:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/17 18:04:51 | 000,051,200 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/17 17:48:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
    [2010/12/17 17:48:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
    [2010/12/17 17:01:21 | 000,402,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/17 15:59:41 | 000,000,949 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/12/16 19:50:54 | 000,000,947 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
    [2010/12/16 17:44:50 | 000,002,118 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
    [2010/12/16 17:44:50 | 000,002,080 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/16 16:38:59 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2010/12/15 18:10:00 | 000,869,051 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
    [2010/12/14 17:29:58 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
    [2010/12/14 17:29:32 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
    [2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/12/09 23:25:57 | 000,080,384 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
    [2010/12/08 20:44:18 | 000,624,128 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
    [2010/12/08 20:43:36 | 000,296,448 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
    [2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/17 15:59:41 | 000,000,949 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/12/16 17:44:50 | 000,002,118 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
    [2010/12/16 17:44:50 | 000,002,080 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/16 17:43:54 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
    [2010/12/16 17:43:53 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
    [2010/12/16 16:38:59 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2010/12/15 23:25:28 | 003,963,823 | ---- | C] () -- C:\Users\Default.Default-PC\Documents\Heroine - Callan, Parriss, Hayden, Earl.mp3
    [2010/12/15 18:09:47 | 000,869,051 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
    [2010/12/14 17:30:32 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
    [2010/12/14 17:30:31 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
    [2010/12/12 19:25:39 | 000,000,947 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
    [2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/09 23:25:57 | 000,080,384 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
    [2010/12/08 20:44:13 | 000,624,128 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
    [2010/12/08 20:43:34 | 000,296,448 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
    [2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
    [2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
    [2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
    [2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
    [2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
    [2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
    [2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/06/10 18:22:01 | 000,051,200 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
    [2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
    [2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
    [2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
    [2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
    [2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
    [2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
    [2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
    [2010/12/17 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
    [2010/12/17 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
    [2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
    [2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
    [2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
    [2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
    [2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
    [2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
    [2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
    [2010/12/16 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
    [2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
    [2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
    [2010/12/15 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
    [2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
    [2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
    [2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
    [2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
    [2010/12/17 18:07:42 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  11. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Good job on other issues :)

    Any errors given?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
      DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
      DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
      DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
      FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/17 18:06:54 | 000,000,000 | ---D | M]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2010/12/17 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
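As an added example (not OTL's own code and not posted by anyone in this thread), a small Python parser for the fix log that step 3 above asks for: it separates what the fix removed from what was only scheduled for a reboot move, and flags what still failed in the reboot pass. The sample log inside is constructed to mirror the line shapes of the thread's fix log; treating a scheduled path that the reboot pass does not report again as cleared is an assumption of this example.

```python
"""Parse an OTL 'Run Fix' log and report what the fix could not remove.

Added example for this thread, not OTL's code. The sample log below is
constructed to follow the same line formats the thread's fix log uses.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, trimmed, in the format of the thread's fix log.
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Service Epfwndis stopped successfully!
Service Epfwndis deleted successfully!
File move failed. C:\Windows\System32\drivers\epfwndis.sys scheduled to be moved on reboot.
Error: Unable to stop service epfw!
Unable to delete service\driver key epfw.
File move failed. C:\Windows\System32\drivers\epfw.sys scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Default.Default-PC\AppData\Roaming\ESET folder moved successfully.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.17.3 log created on 12172010_194829

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\epfw.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird scheduled to be moved on reboot.

Registry entries deleted on Reboot...
"""

# Line shapes taken from the fix log: a failed move queued for reboot, a
# successful move/delete, a deleted service, and a service that would not stop.
MOVE_FAILED = re.compile(r"^(?:File|Folder) move failed\. (.+) scheduled to be moved on reboot\.$")
MOVED_OK = re.compile(r"^(.+) (?:file|folder) (?:moved|deleted) successfully\.$")
SERVICE_OK = re.compile(r"^Service (\S+) deleted successfully!$")
SERVICE_FAIL = re.compile(r"^Error: Unable to stop service (\S+)!$")
REBOOT_HEADER = r"Files\Folders moved on Reboot..."


@dataclass
class FixReport:
    services_deleted: list = field(default_factory=list)
    services_failed: list = field(default_factory=list)   # driver would not stop
    moved: list = field(default_factory=list)             # removed in the fix pass
    scheduled: list = field(default_factory=list)         # queued for the reboot pass
    failed_after_reboot: list = field(default_factory=list)

    def cleared_on_reboot(self):
        # Assumption of this example: a queued path that the reboot pass does
        # not report as failed again is taken to have been moved by that pass.
        return [p for p in self.scheduled if p not in self.failed_after_reboot]


def parse_fix_log(text: str) -> FixReport:
    """Walk the log once; lines after the reboot header belong to the reboot pass."""
    report = FixReport()
    in_reboot_pass = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == REBOOT_HEADER:
            in_reboot_pass = True
            continue
        if line.startswith("Registry entries deleted on Reboot"):
            in_reboot_pass = False
            continue
        m = MOVE_FAILED.match(line)
        if m:
            target = report.failed_after_reboot if in_reboot_pass else report.scheduled
            target.append(m.group(1))
            continue
        m = MOVED_OK.match(line)
        if m:
            report.moved.append(m.group(1))
            continue
        m = SERVICE_OK.match(line)
        if m:
            report.services_deleted.append(m.group(1))
            continue
        m = SERVICE_FAIL.match(line)
        if m:
            report.services_failed.append(m.group(1))
    return report


if __name__ == "__main__":
    rep = parse_fix_log(SAMPLE_FIX_LOG)
    print("services deleted:", rep.services_deleted)
    print("services that would not stop:", rep.services_failed)
    print("cleared on reboot:", rep.cleared_on_reboot())
    print("still present after reboot:", rep.failed_after_reboot)
```

Paths that land in `failed_after_reboot` together with a service in `services_failed` are the driver remnants the fix could not touch, which is the situation a helper reads from a log like the one posted next.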
  12. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    I'm still getting the same "you need permission" error.



    OTL Fix Log
    All processes killed
    ========== OTL ==========
    Service Epfwndis stopped successfully!
    Service Epfwndis deleted successfully!
    File move failed. C:\Windows\System32\drivers\epfwndis.sys scheduled to be moved on reboot.
    Error: Unable to stop service epfw!
    Unable to delete service\driver key epfw.
    File move failed. C:\Windows\System32\drivers\epfw.sys scheduled to be moved on reboot.
    Error: Unable to stop service ehdrv!
    Unable to delete service\driver key ehdrv.
    File move failed. C:\Windows\System32\drivers\ehdrv.sys scheduled to be moved on reboot.
    Error: Unable to stop service eamon!
    Unable to delete service\driver key eamon.
    File move failed. C:\Windows\System32\drivers\eamon.sys scheduled to be moved on reboot.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com deleted successfully.
    C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components folder moved successfully.
    Folder move failed. C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird scheduled to be moved on reboot.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Users\Default.Default-PC\AppData\Roaming\ESET folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 33431 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default.Default-PC
    ->Temp folder emptied: 3099934 bytes
    ->Temporary Internet Files folder emptied: 803657 bytes
    ->Java cache emptied: 12660 bytes
    ->FireFox cache emptied: 25482623 bytes
    ->Google Chrome cache emptied: 343629044 bytes
    ->Flash cache emptied: 4808 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3326 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 7502258 bytes

    Total Files Cleaned = 363.00 mb


    [EMPTYFLASH]

    User: Admin
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Default.Default-PC
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12172010_194829

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\System32\drivers\epfwndis.sys scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\drivers\epfw.sys scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\drivers\ehdrv.sys scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\drivers\eamon.sys scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird scheduled to be moved on reboot.

    Registry entries deleted on Reboot...




    OTL Quick Scan Log
    OTL logfile created on: 12/17/2010 7:57:14 PM - Run 7
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.26 Gb Total Space | 30.53 Gb Free Space | 10.52% Space Free | Partition Type: NTFS

    Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
    SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
    SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
    DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
    DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 20:05:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 16:38:59 | 000,000,000 | ---D | M]

    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/12/16 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
    [2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/15 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/12/17 19:13:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/14 21:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKCU..\Run: [cdloader] C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/17 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\VS Revo Group
    [2010/12/17 18:02:10 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
    [2010/12/17 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2010/12/16 16:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/12/16 16:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/12/15 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
    [2010/12/15 18:20:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/15 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\JavaRa
    [2010/12/13 17:31:48 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/12/13 17:31:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/12 21:33:50 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\tjnet
    [2010/12/12 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\magicJack
    [2010/12/12 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
    [2010/12/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
    [2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
    [2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
    [2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
    [2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
    [2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
    [2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
    [2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
    [2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
    [2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
    [2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
    [2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
    [2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
    [2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
    [2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
    [2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/17 19:53:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/17 19:53:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/17 19:53:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/17 19:48:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
    [2010/12/17 18:53:12 | 000,211,076 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_0256.JPG
    [2010/12/17 18:15:58 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/17 18:15:58 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/17 18:04:51 | 000,051,200 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/17 17:48:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
    [2010/12/17 17:01:21 | 000,402,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/17 15:59:41 | 000,000,949 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/12/16 19:50:54 | 000,000,947 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
    [2010/12/16 17:44:50 | 000,002,118 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
    [2010/12/16 17:44:50 | 000,002,080 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/16 16:38:59 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2010/12/15 18:10:00 | 000,869,051 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
    [2010/12/14 17:29:58 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
    [2010/12/14 17:29:32 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
    [2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/12/09 23:25:57 | 000,080,384 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
    [2010/12/08 20:44:18 | 000,624,128 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
    [2010/12/08 20:43:36 | 000,296,448 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
    [2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/17 18:53:06 | 000,211,076 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\IMG_0256.JPG
    [2010/12/17 15:59:41 | 000,000,949 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/12/16 17:44:50 | 000,002,118 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
    [2010/12/16 17:44:50 | 000,002,080 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/16 17:43:54 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
    [2010/12/16 17:43:53 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
    [2010/12/16 16:38:59 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2010/12/15 23:25:28 | 003,963,823 | ---- | C] () -- C:\Users\Default.Default-PC\Documents\Heroine - Callan, Parriss, Hayden, Earl.mp3
    [2010/12/15 18:09:47 | 000,869,051 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
    [2010/12/14 17:30:32 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
    [2010/12/14 17:30:31 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
    [2010/12/12 19:25:39 | 000,000,947 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
    [2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/09 23:25:57 | 000,080,384 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
    [2010/12/08 20:44:13 | 000,624,128 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
    [2010/12/08 20:43:34 | 000,296,448 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
    [2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
    [2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
    [2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
    [2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
    [2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
    [2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
    [2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/06/10 18:22:01 | 000,051,200 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
    [2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
    [2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
    [2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
    [2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
    [2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
    [2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
    [2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
    [2010/12/17 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
    [2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
    [2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
    [2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
    [2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
    [2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
    [2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
    [2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
    [2010/12/16 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
    [2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
    [2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
    [2010/12/15 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
    [2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
    [2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
    [2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
    [2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
    [2010/12/17 19:52:21 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
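The entries above follow OTL's fixed line format (`[date time | size | RHSD flags | C/M] (company) -- path`), so they can be parsed and triaged mechanically instead of read by eye. The following is an added example, not part of this thread and not OTL's own code: it parses lines in that format and flags the entries an analyst would want to verify first, namely files carrying hidden+system attributes and very small driver images under `\drivers\`. The sample lines are constructed from the report above; the 4096-byte threshold and the flag rules are this example's own assumptions, and a flag means "verify this", not "this is malicious" (tiny vendor stub drivers with those attributes do exist).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: four lines in OTL's entry format. The first three follow the
# "Files Created" section style, the last one the "LOP Check" style (directory, no company field).
SAMPLE_OTL = r"""
[2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
[2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
"""

# Regex fitted to the lines visible in the report (an assumption about the format, not OTL's spec).
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumed threshold for "unusually small driver image" (this example's choice, not OTL's).
TINY_DRIVER_BYTES = 4096


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str               # "C" = created time listed, "M" = modified time listed
    company: Optional[str]  # "" for "()", None when the line has no company field at all
    path: str


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every OTL-style entry line; lines that do not match the format are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        attrs = m.group("attrs")  # positions: R(eadonly) H(idden) S(ystem) D(irectory)
        entries.append(OtlEntry(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            readonly=attrs[0] == "R",
            hidden=attrs[1] == "H",
            system=attrs[2] == "S",
            is_dir=attrs[3] == "D",
            kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path"),
        ))
    return entries


def review_reasons(e: OtlEntry) -> List[str]:
    """Heuristic reasons an analyst should look at this entry. Empty list = nothing notable."""
    reasons = []
    low = e.path.lower()
    if e.hidden and e.system and not e.is_dir:
        reasons.append("hidden+system attributes on a file")
    if low.endswith(".sys") and "\\drivers\\" in low and e.size < TINY_DRIVER_BYTES:
        reasons.append(f"driver image under {TINY_DRIVER_BYTES} bytes")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    flagged = {}
    for e in parse_otl(text):
        reasons = review_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_OTL).items():
        print(path, "->", "; ".join(reasons))
```

Running it on the full "Files Created" and "LOP Check" sections of a report gives a short review list instead of a hundred lines; the size and attribute rules are deliberately simple so they can be tuned per case.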
  13. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Those Eset drivers are still there...
    Let's try a stronger tool...

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop.

    Double click on avenger.exe.
    Click OK in the pop-up window.

    The Avenger window will open.

    Click on the Execute button.
    Click OK in the two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, a Notepad window will open.
    Select all the text, copy it, and paste it into your next reply.

    NOTE: If the log doesn't open on reboot, open Avenger again and go to File > Open Log File.
  14. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.
  15. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Begin copying here:
    Drivers to disable:
    C:\Windows\System32\drivers\epfw.sys
    C:\Windows\System32\drivers\ehdrv.sys
    C:\Windows\System32\drivers\eamon.sys
    
    Drivers to delete:
    C:\Windows\System32\drivers\epfw.sys
    C:\Windows\System32\drivers\ehdrv.sys
    C:\Windows\System32\drivers\eamon.sys
    
    
    Files to delete:
    C:\Windows\System32\drivers\epfw.sys
    C:\Windows\System32\drivers\ehdrv.sys
    C:\Windows\System32\drivers\eamon.sys
    
    

    2. Now, open the Avenger folder and start The Avenger program by clicking on its icon.

    * Right click on the window under Input script here:, and select Paste.
    * You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    * Click on Execute.
    * Answer "Yes" twice when prompted.


    3. The Avenger will automatically do the following:

    * It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    * On reboot, it will briefly open a black command window on your desktop; this is normal.
    * After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    4. Please copy/paste the content of c:\avenger.txt into your reply.
  16. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: could not open driver "C:\Windows\System32\drivers\epfw.sys"
    Disablement of driver "C:\Windows\System32\drivers\epfw.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: could not open driver "C:\Windows\System32\drivers\ehdrv.sys"
    Disablement of driver "C:\Windows\System32\drivers\ehdrv.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: could not open driver "C:\Windows\System32\drivers\eamon.sys"
    Disablement of driver "C:\Windows\System32\drivers\eamon.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\epfw.sys" not found!
    Deletion of driver "C:\Windows\System32\drivers\epfw.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\ehdrv.sys" not found!
    Deletion of driver "C:\Windows\System32\drivers\ehdrv.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\eamon.sys" not found!
    Deletion of driver "C:\Windows\System32\drivers\eamon.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    File "C:\Windows\System32\drivers\epfw.sys" deleted successfully.
    File "C:\Windows\System32\drivers\ehdrv.sys" deleted successfully.
    File "C:\Windows\System32\drivers\eamon.sys" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
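The log above shows why the "Drivers to disable" and "Drivers to delete" entries failed while "Files to delete" succeeded: the deletion lines report the key `\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\epfw.sys` as not found, i.e. each driver entry was appended to `...\Services\` as a key name, and a full file path is not a service name, so the lookup returns 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND); the plain file deletions then succeed. The following is an added example, not part of this thread and not The Avenger's own code: it parses Avenger-style result lines into per-action outcomes with their NTSTATUS, and reports failed driver actions whose target was written as a path rather than a service name. The sample lines are constructed from the log above; the regular expressions are fitted to the lines visible here and the "a driver entry should be a service name" rule is an inference from those lines, both assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, trimmed from the Avenger log format shown above (one driver, three actions).
SAMPLE_AVENGER = r"""
Error: could not open driver "C:\Windows\System32\drivers\epfw.sys"
Disablement of driver "C:\Windows\System32\drivers\epfw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\epfw.sys" not found!
Deletion of driver "C:\Windows\System32\drivers\epfw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\System32\drivers\epfw.sys" deleted successfully.
"""

# Regexes fitted to the visible log lines (assumed format, not a spec from the tool's author).
FAILED_RE = re.compile(r'^(?P<action>Disablement|Deletion) of (?P<kind>driver|file) "(?P<target>.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<name>[A-Z_]+)\)$")
SUCCESS_RE = re.compile(r'^(?P<kind>File|Driver) "(?P<target>.+)" (?P<verb>deleted|disabled) successfully\.$')


@dataclass
class AvengerResult:
    action: str                     # "disable" or "delete"
    kind: str                       # "driver" or "file"
    target: str
    ok: bool
    status: Optional[str] = None    # NTSTATUS as printed, e.g. "0xc0000034"
    status_name: Optional[str] = None


def looks_like_path(token: str) -> bool:
    """A 'Drivers to ...' entry is resolved under ...\\Services\\<token>, so a file path or a
    .sys file name will not be found there (inferred from the 'registry key ... not found' lines)."""
    return "\\" in token or token.lower().endswith(".sys")


def parse_avenger(text: str) -> List[AvengerResult]:
    """Turn failure/success lines into AvengerResult records, attaching the Status line that
    directly follows each failure line."""
    lines = [ln.strip() for ln in text.splitlines()]
    results = []
    for i, line in enumerate(lines):
        m = FAILED_RE.match(line)
        if m:
            status = name = None
            if i + 1 < len(lines):
                s = STATUS_RE.match(lines[i + 1])
                if s:
                    status, name = s.group("code"), s.group("name")
            results.append(AvengerResult(
                action="disable" if m.group("action") == "Disablement" else "delete",
                kind=m.group("kind"), target=m.group("target"),
                ok=False, status=status, status_name=name))
            continue
        m = SUCCESS_RE.match(line)
        if m:
            results.append(AvengerResult(
                action="delete" if m.group("verb") == "deleted" else "disable",
                kind=m.group("kind").lower(), target=m.group("target"), ok=True))
    return results


def driver_entries_given_as_paths(results: List[AvengerResult]) -> List[str]:
    """Failed driver actions whose target was written as a path instead of a service name."""
    return sorted({r.target for r in results
                   if r.kind == "driver" and not r.ok and looks_like_path(r.target)})


if __name__ == "__main__":
    res = parse_avenger(SAMPLE_AVENGER)
    for r in res:
        flag = "OK  " if r.ok else "FAIL"
        print(f"{r.action:7} {r.kind:6} {flag} {r.target} {r.status or ''} {r.status_name or ''}")
    print("driver entries that look like paths:", driver_entries_given_as_paths(res))
```

The point for a reviewer of such logs is that "deleted successfully" on the file line does not mean the driver's service registration was touched; the summary makes the two outcomes visible side by side.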
  17. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    Have you tried to reinstall Eset now?
  18. across151

    across151 Newcomer, in training Topic Starter Posts: 23

    Successfully reinstalled ESET. Thank you for all your help!
  19. Broni

    Broni Malware Annihilator Posts: 46,141   +251

    YAY!!

    Good luck and stay safe :)