Inactive Windows Firewall and Defender won't start after virus removal

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
userinit.exe
explorer.exe
volsnap.sys
winlogon.exe
nvraid.sys
consrv.dll
winsrv.dll
svchost.exe
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Seems I have some crazy recurring appdata folder, it's scanning the same files over and over :/ It looks like this: c:programdata\application data\application data\application data\application data\application data\application data


I'm gonna leave it to scan it all tho, I'll post logs soon
 
OK, the scan is finished, here are the logs :)

OTL logfile created on: 09/01/2012 22:40:18 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\tommyg\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.57% Memory free
7.54 Gb Paging File | 6.17 Gb Available in Paging File | 81.92% Paging File free
Paging file location(s): c:\pagefile.sys 4650 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 13.90 Gb Free Space | 4.66% Space Free | Partition Type: NTFS
Drive D: | 142.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TOMMYG-PC | User Name: tommyg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 22:39:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tommyg\Desktop\OTL.exe
PRC - [2012/01/08 00:55:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/09 00:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/10 03:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/11/10 03:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/18 12:58:13 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\UAService7.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 09:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/25 20:10:56 | 001,089,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/01/21 13:11:40 | 000,045,056 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 22:19:05 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/09 22:19:05 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/08 13:38:48 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2012/01/08 13:38:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2012/01/08 00:54:59 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/07 21:51:12 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/07 21:51:12 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/09 22:10:38 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/10/14 17:36:13 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/14 17:34:39 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/14 09:08:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 09:08:03 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 09:07:49 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/14 09:07:48 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 09:07:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 09:07:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 09:06:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 09:06:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 09:06:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 09:06:33 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 09:06:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/05/01 00:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\System32\PrxerNsp.dll
MOD - [2011/03/02 19:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/12/09 20:20:06 | 000,126,976 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/21 23:40:44 | 000,330,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011/11/21 22:41:42 | 000,077,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/11/15 18:32:46 | 000,329,544 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/11/15 18:32:42 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/11/10 03:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/10/14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/09/18 09:17:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/09/03 19:23:08 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/15 09:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/18 12:58:13 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2011/04/16 22:08:31 | 001,687,044 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - [2011/04/16 22:08:19 | 002,179,076 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2011/03/22 07:36:20 | 002,421,384 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 12:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/01/21 13:11:40 | 000,045,056 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/10 03:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/11/10 02:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/10/17 17:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/24 23:40:12 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011/05/24 23:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/06 14:14:22 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/04/02 18:36:58 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/12/18 11:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/11 10:44:02 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/05/20 13:40:28 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV - [2010/03/10 11:32:34 | 000,594,976 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/02/25 15:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 11:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/01/15 14:03:38 | 001,156,224 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW713x.sys -- (HCW713x)
DRV - [2009/09/16 06:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/07/13 22:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/04/06 07:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 07:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/06/25 08:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 08:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 08:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 08:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 08:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 08:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 08:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/02/16 00:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/05 10:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 530756606
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 32 39 67 4E F1 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@megamedia/Megakey: C:\Users\tommyg\AppData\Local\Megamedia\Megakey\npMegaPlugin.dll (Megamedia Ltd.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\tommyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/18 10:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/18 10:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/08 00:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 15:31:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}: C:\Users\tommyg\AppData\Local\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB} [2011/11/09 11:06:31 | 000,000,000 | ---D | M]

[2011/04/11 08:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tommyg\AppData\Roaming\Mozilla\Extensions
[2011/04/09 11:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tommyg\AppData\Roaming\Mozilla\Firefox\extensions
[2011/04/09 11:15:33 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\tommyg\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/01/05 18:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tommyg\AppData\Roaming\Mozilla\Firefox\Profiles\k8s2y8j7.default\extensions
[2011/12/12 13:17:25 | 000,000,000 | ---D | M] (Youtube High Definition) -- C:\Users\tommyg\AppData\Roaming\Mozilla\Firefox\Profiles\k8s2y8j7.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
[2011/08/17 09:01:58 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\tommyg\AppData\Roaming\Mozilla\Firefox\Profiles\k8s2y8j7.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/01/09 14:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/11 09:59:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/09 14:44:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/08/23 11:33:18 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\USERS\TOMMYG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K8S2Y8J7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/08 00:55:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/24 23:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2011/11/09 10:24:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files\OnLive\Plugin\npolgdet.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\tommyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX HiQ = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Skype Click to Call = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Megakey = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhhocpdgkjoocfobhdbcfeafckeoiemc\0.6.0.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\tommyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\tommyg\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Spotify] C:\Users\tommyg\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Capture Web Page - C:\Users\tommyg\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\tommyg\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\PrxerNsp.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://clients.futuremark.com/calico/systeminfodeploy/FMSI.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA2245E5-D84A-44A2-9DAD-88503CE6BA14}: NameServer = 10.14.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4CCCFB2-0942-4402-A611-5146980E0678}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\jtskyee: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\jtskyee.dll) - C:\Windows\System32\config\systemprofile\AppData\Local\jtskyee.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\Shell - "" = AutoRun
O33 - MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\Shell - "" = AutoRun
O33 - MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - C:\Windows\System32\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/09 22:39:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\tommyg\Desktop\OTL.exe
[2012/01/09 21:03:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/09 19:26:02 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/09 19:11:49 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\tommyg\Desktop\boot_cleaner.exe
[2012/01/09 17:11:54 | 000,000,000 | --SD | C] -- C:\tg
[2012/01/09 16:53:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/09 16:53:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/09 16:53:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/09 16:53:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 16:52:01 | 000,000,000 | --SD | C] -- C:\tg2012
[2012/01/09 15:45:55 | 004,376,389 | R--- | C] (Swearware) -- C:\Users\tommyg\Desktop\tg.exe
[2012/01/09 15:43:40 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\tommyg\Desktop\aswMBR(1).exe
[2012/01/09 14:46:55 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Desktop\ra
[2012/01/09 01:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/09 01:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/09 00:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/09 00:12:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/08 22:28:11 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\Moyea
[2012/01/08 22:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moyea
[2012/01/08 22:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2012/01/08 22:25:02 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\FLV Extract
[2012/01/08 02:03:36 | 000,000,000 | --SD | C] -- C:\ff15325f
[2012/01/08 00:56:24 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Desktop\MiniRegTool
[2012/01/08 00:51:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/01/08 00:45:12 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/01/08 00:43:23 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Desktop\Tweaking.com - Windows Repair
[2012/01/08 00:20:58 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/01/07 21:51:04 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/07 21:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/07 21:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/07 21:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/07 10:40:55 | 000,000,000 | ---D | C] -- C:\3da6d3f8aa9c540bbda9eb2d891d
[2012/01/07 10:07:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\scrnshot
[2012/01/07 10:07:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\htm
[2012/01/07 09:53:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\pb
[2012/01/06 13:27:51 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Desktop\JungleFlasher v0.1.91 Beta (300)
 
[2012/01/06 13:27:36 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Desktop\lt3.0
[2012/01/06 11:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/06 11:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/05 23:34:16 | 000,000,000 | --SD | C] -- C:\ff
[2012/01/04 23:02:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/03 12:46:27 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/01/03 12:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/01/03 12:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\X3 map by Scorp
[2011/12/30 12:29:37 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Desktop\New Folder
[2011/12/30 12:29:28 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Desktop\ds
[2011/12/30 11:50:36 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Documents\ds roms
[2011/12/28 12:55:41 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Documents\Hitman Blood Money
[2011/12/28 12:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011/12/28 12:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos
[2011/12/25 19:16:58 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Local\ESN Sonar
[2011/12/20 18:18:08 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Documents\alans wedding
[2011/12/19 04:32:54 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\Qiq
[2011/12/19 04:32:54 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\Eha
[2011/12/19 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Documents\Egosoft
[2011/12/16 23:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/12/16 23:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flatout 3
[2011/12/16 21:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2011/12/16 21:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011/12/16 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\Origin
[2011/12/16 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Local\Origin
[2011/12/16 16:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/12/16 16:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/12/16 16:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2011/12/16 16:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2011/12/15 11:45:40 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/12/15 11:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/15 11:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/12/15 11:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/12/12 13:26:51 | 000,000,000 | ---D | C] -- C:\Users\tommyg\AppData\Roaming\NCH Software
[2011/12/12 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2011/12/12 13:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageConverter Plus
[2011/12/12 13:18:23 | 000,200,104 | ---- | C] (fCoder Group International) -- C:\Windows\System32\cnvshell.dll
[2011/12/12 13:18:23 | 000,000,000 | ---D | C] -- C:\Users\tommyg\Documents\Image Converter Plus
[2011/12/12 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\ImageConverter Plus
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/09 22:39:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tommyg\Desktop\OTL.exe
[2012/01/09 22:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/09 22:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/09 22:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/09 22:18:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/09 22:18:32 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/01/09 22:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 22:18:20 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 22:17:32 | 000,019,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 22:17:32 | 000,019,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 20:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/09 20:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/09 19:26:02 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/09 19:26:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/09 18:26:02 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/09 18:26:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/09 17:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/09 17:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/09 16:41:23 | 000,000,512 | ---- | M] () -- C:\Users\tommyg\Desktop\MBR.dat
[2012/01/09 16:34:29 | 000,001,044 | ---- | M] () -- C:\Program Files\SimBin - Shortcut.lnk
[2012/01/09 16:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/09 16:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/09 15:46:03 | 004,376,389 | R--- | M] (Swearware) -- C:\Users\tommyg\Desktop\tg.exe
[2012/01/09 15:43:52 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\tommyg\Desktop\aswMBR(1).exe
[2012/01/09 15:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/09 15:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/09 14:56:06 | 000,013,383 | ---- | M] () -- C:\Users\tommyg\Desktop\pbgame.htm
[2012/01/09 14:51:40 | 000,138,904 | ---- | M] () -- C:\Users\tommyg\AppData\Roaming\PnkBstrK.sys
[2012/01/09 14:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/09 14:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/09 12:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/09 12:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/09 11:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/09 11:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/01/09 08:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/09 08:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/01/09 07:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/09 07:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/01/09 06:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/09 06:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/01/09 05:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/09 05:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/01/09 04:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/09 04:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/01/09 03:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/09 03:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/01/09 02:37:48 | 000,727,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/09 02:37:48 | 000,143,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/09 02:35:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/09 02:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/09 02:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/01/09 01:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/09 01:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/01/09 01:08:55 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/09 00:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/09 00:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/09 00:13:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 23:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/08 23:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/08 22:27:38 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Moyea YouTube FLV Downloader.lnk
[2012/01/08 21:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/08 21:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/08 13:49:04 | 000,334,127 | ---- | M] () -- C:\Users\tommyg\Desktop\FSS(1).exe
[2012/01/08 13:32:15 | 000,594,994 | ---- | M] () -- C:\MGlogs.zip
[2012/01/08 13:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/08 13:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/08 10:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/08 10:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/01/08 09:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/08 09:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/01/08 02:24:37 | 000,001,083 | ---- | M] () -- C:\Users\tommyg\Documents - Shortcut.lnk
[2012/01/08 00:52:39 | 000,411,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/08 00:51:13 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/01/08 00:14:48 | 000,000,960 | ---- | M] () -- C:\Users\tommyg\Desktop\tg.reg
[2012/01/07 21:50:46 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/07 18:32:45 | 000,007,599 | ---- | M] () -- C:\Users\tommyg\AppData\Local\Resmon.ResmonCfg
[2012/01/07 17:29:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/07 16:12:04 | 000,000,059 | ---- | M] () -- C:\Users\tommyg\Desktop\pbuser.htm
[2012/01/07 10:24:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012/01/07 09:47:39 | 000,005,499 | ---- | M] () -- C:\Windows\System32\pbcl.db
[2012/01/07 09:46:05 | 000,425,984 | ---- | M] () -- C:\Windows\System32\pbsv.dll
[2012/01/07 09:45:57 | 000,057,344 | ---- | M] () -- C:\Windows\System32\pbags.dll
[2012/01/07 09:45:57 | 000,057,344 | ---- | M] () -- C:\Windows\System32\pbag.dll
[2012/01/07 09:45:54 | 000,942,907 | ---- | M] () -- C:\Windows\System32\pbcls.dll
[2012/01/07 09:45:54 | 000,942,907 | ---- | M] () -- C:\Windows\System32\pbcl.dll
[2012/01/07 09:31:15 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/07 01:05:59 | 000,840,264 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2012/01/07 01:05:59 | 000,840,264 | ---- | M] () -- C:\Users\tommyg\Desktop\pbsvc.exe
[2012/01/06 17:34:36 | 000,942,907 | ---- | M] () -- C:\Windows\System32\pbclold.dll
[2012/01/06 12:02:29 | 000,302,592 | ---- | M] () -- C:\Users\tommyg\Desktop\gcnspqi8.exe
[2012/01/04 21:38:12 | 000,000,112 | ---- | M] () -- C:\Windows\System32\pbns_c.dat
[2011/12/28 12:41:46 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Launch Hitman Blood Money.lnk
[2011/12/19 13:49:07 | 000,000,000 | ---- | M] () -- C:\ProgramData\We3oh15q.exe.b
[2011/12/19 00:35:35 | 000,000,112 | ---- | M] () -- C:\ProgramData\70fkeN.dat
[2011/12/19 00:35:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\gPEyO.com.b
[2011/12/19 00:34:00 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\X3 Terran Conflict.lnk
[2011/12/19 00:34:00 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\X3 Albion Prelude.lnk
[2011/12/17 12:48:14 | 000,003,798 | ---- | M] () -- C:\Users\tommyg\Desktop\Skills_20111217_124814.csv
[2011/12/16 23:51:49 | 000,001,564 | ---- | M] () -- C:\Users\Public\Desktop\Flatout 3.lnk
[2011/12/16 21:36:21 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/12/16 16:29:06 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/15 04:39:42 | 000,042,392 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2011/12/12 13:23:10 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Pixillion Image Converter.lnk
[2011/12/12 13:18:27 | 000,000,973 | ---- | M] () -- C:\Users\tommyg\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageConverter Plus.lnk
[2011/12/12 13:18:27 | 000,000,949 | ---- | M] () -- C:\Users\tommyg\Desktop\ImageConverter Plus.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/09 16:53:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/09 16:53:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/09 16:53:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/09 16:53:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/09 16:53:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/09 16:41:23 | 000,000,512 | ---- | C] () -- C:\Users\tommyg\Desktop\MBR.dat
[2012/01/09 16:34:29 | 000,001,044 | ---- | C] () -- C:\Program Files\SimBin - Shortcut.lnk
[2012/01/09 01:11:02 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/01/09 01:11:01 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/09 01:08:55 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/09 00:13:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 22:27:38 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Moyea YouTube FLV Downloader.lnk
[2012/01/08 13:49:02 | 000,334,127 | ---- | C] () -- C:\Users\tommyg\Desktop\FSS(1).exe
[2012/01/08 02:24:37 | 000,001,083 | ---- | C] () -- C:\Users\tommyg\Documents - Shortcut.lnk
[2012/01/08 01:11:24 | 000,594,994 | ---- | C] () -- C:\MGlogs.zip
[2012/01/08 00:14:48 | 000,000,960 | ---- | C] () -- C:\Users\tommyg\Desktop\tg.reg
[2012/01/07 21:50:46 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/07 15:31:43 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/01/07 10:35:26 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/07 10:28:58 | 000,000,059 | ---- | C] () -- C:\Users\tommyg\Desktop\pbuser.htm
[2012/01/07 10:28:48 | 000,013,383 | ---- | C] () -- C:\Users\tommyg\Desktop\pbgame.htm
[2012/01/07 10:28:37 | 000,846,336 | ---- | C] () -- C:\Users\tommyg\Desktop\pbsetup.exe
[2012/01/07 10:07:08 | 000,942,907 | ---- | C] () -- C:\Windows\System32\pbcls.dll
[2012/01/07 10:07:08 | 000,942,907 | ---- | C] () -- C:\Windows\System32\pbclold.dll
[2012/01/07 10:07:08 | 000,942,907 | ---- | C] () -- C:\Windows\System32\pbcl.dll
[2012/01/07 10:07:08 | 000,425,984 | ---- | C] () -- C:\Windows\System32\pbsv.dll
[2012/01/07 10:07:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\pbags.dll
[2012/01/07 10:07:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\pbag.dll
[2012/01/07 10:07:08 | 000,005,499 | ---- | C] () -- C:\Windows\System32\pbcl.db
[2012/01/07 10:07:08 | 000,000,112 | ---- | C] () -- C:\Windows\System32\pbns_c.dat
[2012/01/07 01:05:58 | 000,840,264 | ---- | C] () -- C:\Users\tommyg\Desktop\pbsvc.exe
[2012/01/06 12:02:26 | 000,302,592 | ---- | C] () -- C:\Users\tommyg\Desktop\gcnspqi8.exe
[2011/12/28 12:41:46 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Launch Hitman Blood Money.lnk
[2011/12/19 13:49:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\We3oh15q.exe.b
[2011/12/19 00:35:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\gPEyO.com.b
[2011/12/19 00:34:00 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\X3 Terran Conflict.lnk
[2011/12/19 00:34:00 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\X3 Albion Prelude.lnk
[2011/12/19 00:33:52 | 000,000,112 | ---- | C] () -- C:\ProgramData\70fkeN.dat
[2011/12/19 00:33:51 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/19 00:33:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/19 00:33:49 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/19 00:33:48 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/19 00:33:48 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/19 00:33:46 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/19 00:33:46 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/19 00:33:44 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/19 00:33:43 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/19 00:33:42 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/19 00:33:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/19 00:33:40 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/19 00:33:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/19 00:33:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/19 00:33:38 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/19 00:33:37 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/19 00:33:36 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/19 00:33:36 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/19 00:33:35 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/19 00:33:34 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/19 00:33:33 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/19 00:33:32 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/19 00:33:30 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/19 00:33:29 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/19 00:33:28 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/19 00:33:27 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/19 00:33:26 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/19 00:33:26 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/19 00:33:25 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/19 00:33:24 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/19 00:33:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/19 00:33:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/19 00:33:19 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/19 00:33:18 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/19 00:33:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/19 00:33:16 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/19 00:33:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/19 00:33:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/19 00:33:13 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/19 00:33:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/19 00:33:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/19 00:33:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/19 00:33:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/19 00:33:08 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/19 00:33:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/19 00:33:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/19 00:33:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/19 00:33:03 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/18 14:38:35 | 005,925,611 | ---- | C] () -- C:\Users\tommyg\Terraria.exe
[2011/12/17 12:48:14 | 000,003,798 | ---- | C] () -- C:\Users\tommyg\Desktop\Skills_20111217_124814.csv
[2011/12/16 23:51:49 | 000,001,564 | ---- | C] () -- C:\Users\Public\Desktop\Flatout 3.lnk
[2011/12/16 21:36:21 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/12/16 16:29:06 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/15 04:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011/12/12 13:18:27 | 000,000,973 | ---- | C] () -- C:\Users\tommyg\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageConverter Plus.lnk
[2011/12/12 13:18:27 | 000,000,949 | ---- | C] () -- C:\Users\tommyg\Desktop\ImageConverter Plus.lnk
[2011/11/24 19:18:20 | 000,002,081 | ---- | C] () -- C:\ProgramData\ENG.2011-11.pl.nicolasgames_B34AA2E6-FC79-4A48-89B3-7919D9EB9481.swidtag
[2011/11/10 02:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/11/10 02:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/11/08 13:52:31 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/10/21 19:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/10/11 15:22:15 | 000,000,120 | ---- | C] () -- C:\Users\tommyg\AppData\Roaming\4fabdb80.dat
[2011/09/19 15:40:48 | 000,000,133 | ---- | C] () -- C:\Windows\entpack.ini
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/07/18 20:27:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/07/02 00:08:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/02 00:07:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/27 18:20:45 | 000,054,000 | ---- | C] () -- C:\Windows\System32\PrxerNsp.dll
[2011/06/13 07:35:38 | 000,007,599 | ---- | C] () -- C:\Users\tommyg\AppData\Local\Resmon.ResmonCfg
[2011/06/12 20:40:16 | 000,138,904 | ---- | C] () -- C:\Users\tommyg\AppData\Roaming\PnkBstrK.sys
[2011/06/10 19:02:41 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/06/09 22:31:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[2011/06/09 22:24:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\slbmgpg.dll
[2011/06/09 22:24:24 | 000,000,059 | ---- | C] () -- C:\Windows\System32\UFS2xxun.ini
[2011/06/05 21:33:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/05/31 06:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/05/31 06:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/05/21 18:19:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/05/17 23:16:07 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/04/27 22:35:01 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/04/24 21:50:28 | 000,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2011/04/10 19:16:07 | 000,007,512 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/02 23:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/02 18:10:08 | 001,663,488 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/02 18:10:08 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/02 18:10:08 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/01/27 05:12:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/12/06 13:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010/11/11 14:51:29 | 000,000,805 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2010/08/11 10:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,411,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,727,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,143,380 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/01/22 06:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 08:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2005/05/25 12:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll

========== LOP Check ==========

[2011/11/30 14:02:16 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\.minecraft
[2011/07/01 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\abgx360
[2011/06/14 12:29:34 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Birdstep Technology
[2011/10/09 08:17:58 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\BlackBean
[2012/01/07 11:38:42 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\DAEMON Tools Lite
[2011/12/19 18:44:30 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Eha
[2012/01/08 22:25:17 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\FLV Extract
[2011/10/06 01:52:36 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\GetRightToGo
[2011/04/04 20:36:47 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\ImgBurn
[2011/08/27 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Kalypso Media
[2011/08/15 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\mc
[2011/11/09 11:06:41 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Megamedia
[2011/09/03 12:53:32 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Microgaming
[2012/01/08 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Moyea
[2011/09/22 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\OnLive App
[2011/12/16 16:30:39 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Origin
[2011/06/27 18:21:21 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Proxifier
[2011/12/19 04:33:06 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Qiq
[2011/08/06 23:47:50 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\runic games
[2011/04/02 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Spirited Machine
[2011/10/23 09:06:20 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\SPORE
[2011/04/12 11:54:41 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Sports Interactive
[2012/01/09 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Spotify
[2011/08/31 03:40:59 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\System
[2011/08/21 12:26:14 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\SystemRequirementsLab
[2011/08/22 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\The Creative Assembly
[2012/01/07 11:38:38 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\TS3Client
[2011/11/18 21:32:10 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Tunngle
[2011/07/04 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Unity
[2012/01/09 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\uTorrent
[2011/04/20 13:21:41 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Vodafone
[2011/11/15 23:01:13 | 000,000,000 | -HSD | M] -- C:\Users\tommyg\AppData\Roaming\wyUpdate AU
[2011/05/06 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\tommyg\AppData\Roaming\Xbins
[2012/01/09 00:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/01/09 04:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/01/09 05:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/01/09 05:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/01/09 06:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/01/09 06:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/01/09 07:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/01/09 07:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/01/09 08:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/01/09 08:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/01/08 09:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/01/09 00:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/01/08 09:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/01/08 10:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/01/08 10:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/01/09 11:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/01/09 11:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/01/09 12:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/01/09 12:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/01/08 13:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/01/08 13:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/01/09 14:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/01/09 01:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/01/09 14:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/01/09 15:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/01/09 15:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/01/09 16:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/01/09 16:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/01/09 17:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/01/09 17:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/01/09 18:26:02 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/01/09 18:26:02 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/01/09 19:26:02 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/01/09 01:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/01/09 19:26:02 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/01/09 20:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/01/09 20:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/01/08 21:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/01/08 21:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/01/09 22:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/01/09 22:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/01/08 23:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/01/08 23:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/01/09 02:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/01/09 02:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/01/09 03:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/01/09 03:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/01/09 04:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/01/03 15:21:25 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 12:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/20 15:29:03 | 000,007,534 | ---- | M] () -- C:\debug.txt
[2011/05/21 17:31:37 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2009/08/02 05:44:10 | 000,171,136 | ---- | M] () -- C:\grldr.bak
[2011/04/10 19:15:37 | 000,050,478 | ---- | M] () -- C:\hcwDriverInstall.txt
[2012/01/09 22:18:20 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/24 22:25:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/01/09 14:47:31 | 000,046,786 | ---- | M] () -- C:\JavaRa.log
[2011/09/18 09:12:50 | 000,000,000 | RHS- | M] () -- C:\jklm.ld
[2012/01/08 13:32:15 | 000,594,994 | ---- | M] () -- C:\MGlogs.zip
[2011/04/24 22:25:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/09/18 09:12:50 | 000,412,430 | RHS- | M] () -- C:\OWHBC
[2011/09/21 21:54:11 | 000,921,632 | ---- | M] () -- C:\PA207.DAT
[2012/01/09 22:18:25 | 580,911,103 | -HS- | M] () -- C:\pagefile.sys
[2012/01/09 17:01:49 | 000,000,357 | ---- | M] () -- C:\rkill.log
[2012/01/08 22:53:04 | 000,004,848 | ---- | M] () -- C:\shared.log
[2004/06/11 15:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
[2012/01/04 22:54:06 | 000,173,716 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_04.01.2012_22.52.05_log.txt
[2012/01/04 23:21:38 | 000,085,914 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_04.01.2012_23.21.14_log.txt
[2012/01/05 14:51:16 | 000,175,346 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_14.49.07_log.txt
[2012/01/06 00:42:11 | 000,086,230 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_06.01.2012_00.37.30_log.txt
[2012/01/06 02:19:00 | 000,085,918 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_06.01.2012_02.18.34_log.txt
[2012/01/06 02:20:33 | 000,089,184 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_06.01.2012_02.19.02_log.txt
[2012/01/07 16:20:32 | 000,001,820 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_07.01.2012_16.20.20_log.txt
[2012/01/08 23:32:13 | 000,087,748 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_08.01.2012_23.31.38_log.txt
[2012/01/09 21:03:47 | 000,174,390 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_09.01.2012_21.02.21_log.txt
[2012/01/09 21:05:05 | 000,177,182 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_09.01.2012_21.03.58_log.txt
[2012/01/09 21:07:04 | 000,087,996 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_09.01.2012_21.05.16_log.txt
[2012/01/09 22:03:28 | 000,086,462 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_09.01.2012_22.02.48_log.txt
[2012/01/09 22:17:27 | 000,174,102 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_09.01.2012_22.16.18_log.txt
[2012/01/09 22:21:31 | 000,085,022 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_09.01.2012_22.20.31_log.txt
[2011/06/18 16:51:31 | 000,000,152 | ---- | M] () -- C:\X-Plane Installer.prf

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010/11/20 12:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2012/01/09 16:34:29 | 000,001,044 | ---- | M] () -- C:\Program Files\SimBin - Shortcut.lnk

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2012/01/07 09:47:39 | 000,005,499 | ---- | M] () -- C:\Windows\system32\pbcl.db
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/18 19:26:54 | 000,000,221 | -HS- | M] () -- C:\Users\tommyg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/09 15:43:52 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\tommyg\Desktop\aswMBR(1).exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\tommyg\Desktop\boot_cleaner.exe
[2007/02/23 14:55:48 | 000,816,841 | ---- | M] (CPUID) -- C:\Users\tommyg\Desktop\ClockGen.exe
[2011/03/30 13:54:18 | 000,558,920 | ---- | M] (CCP hf.) -- C:\Users\tommyg\Desktop\eve.exe
[2012/01/08 13:49:04 | 000,334,127 | ---- | M] () -- C:\Users\tommyg\Desktop\FSS(1).exe
[2012/01/06 12:02:29 | 000,302,592 | ---- | M] () -- C:\Users\tommyg\Desktop\gcnspqi8.exe
[2006/07/30 11:44:24 | 000,055,296 | ---- | M] () -- C:\Users\tommyg\Desktop\KeepOnTop.exe
[2010/10/21 01:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\tommyg\Desktop\MinecraftSP.exe
[2012/01/09 22:39:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tommyg\Desktop\OTL.exe
[2008/11/12 16:10:46 | 000,846,336 | ---- | M] () -- C:\Users\tommyg\Desktop\pbsetup.exe
[2012/01/07 01:05:59 | 000,840,264 | ---- | M] () -- C:\Users\tommyg\Desktop\pbsvc.exe
[2011/11/02 02:04:02 | 000,435,420 | ---- | M] () -- C:\Users\tommyg\Desktop\Scanner.exe
[2012/01/09 15:46:03 | 004,376,389 | R--- | M] (Swearware) -- C:\Users\tommyg\Desktop\tg.exe
[2011/06/27 15:42:42 | 2708,200,374 | ---- | M] (Nexon) -- C:\Users\tommyg\Desktop\VindictusSetupV131.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2011/05/17 22:12:57 | 005,925,611 | ---- | M] () -- C:\Users\tommyg\Terraria.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/09/05 16:24:14 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/09/05 16:24:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/09/05 16:24:13 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/09/05 16:24:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/09/05 16:24:13 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/09/05 16:24:14 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/09/05 16:27:27 | 000,000,402 | -HS- | M] () -- C:\Users\tommyg\Favorites\desktop.ini
[2011/12/12 13:23:10 | 000,000,296 | ---- | M] () -- C:\Users\tommyg\Favorites\NCH Software Download Site.lnk
[2011/06/18 19:27:22 | 000,000,278 | ---- | M] () -- C:\Users\tommyg\Favorites\NCH Software Download.lnk
[2011/05/17 22:12:57 | 005,925,611 | ---- | M] () -- C:\Users\tommyg\Favorites\Terraria.exe

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/11/08 16:22:38 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/08/11 10:43:50 | 000,159,464 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/11/24 19:18:20 | 000,002,081 | ---- | M] () -- C:\ProgramData\ENG.2011-11.pl.nicolasgames_B34AA2E6-FC79-4A48-89B3-7919D9EB9481.swidtag
[2011/12/19 13:49:07 | 000,000,000 | ---- | M] () -- C:\ProgramData\We3oh15q.exe.b

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >
[2012/01/09 08:37:34 | 000,000,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\MBR.dat

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: AGP440.SYS >
[2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/11/11 14:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\tommyg\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\tommyg\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\tommyg\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\tommyg\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/11/11 14:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\tommyg\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\tommyg\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\tommyg\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\tommyg\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2010/11/11 14:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/11/11 14:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTORV.SYS >
[2011/03/11 05:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 05:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 05:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 05:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 05:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 12:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 12:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 05:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 12:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 12:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/03/11 05:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011/03/11 05:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 05:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/03/11 05:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011/03/11 05:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011/03/11 05:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 05:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 05:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 05:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 05:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 05:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 05:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 12:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 12:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 12:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 12:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX1\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX3\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/14 01:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 12:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 12:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 12:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2010/11/11 14:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/11/11 14:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\tommyg\AppData\Local\Temp\RarSFX3\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSRV.DLL >
[2011/07/16 04:37:32 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=008F51AE989C3DF1CBAF8B39DC423CCC -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_b6706495fd94ea59\winsrv.dll
[2011/06/24 04:27:01 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=183B4188D5D91B271613EC3EFD1B3CEF -- C:\Windows\System32\winsrv.dll
[2011/06/24 04:27:01 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=183B4188D5D91B271613EC3EFD1B3CEF -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_b86291d1fab253ab\winsrv.dll
[2011/06/03 06:04:17 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=69DE8C799BA07A0EF6B834F76B4C0711 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20978_none_b6ec63d916bb8cbd\winsrv.dll
[2009/07/14 01:16:19 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=827E4F75901CA3F990B1487D3301841E -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_b654ecc5fda8cb1c\winsrv.dll
[2011/05/14 06:35:55 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=955CDF38E16B659DD7E1DF48C75E962C -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16816_none_b6a1a601fd6f129f\winsrv.dll
[2010/11/20 12:21:36 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=A9F564F254E9DDDE120A7135767EC24B -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_b886008dfa974eb6\winsrv.dll
[2011/06/24 06:05:56 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=AB00D1D5B8C4D59D641A626240E90589 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_b8e6602313d38e19\winsrv.dll
[2011/06/24 04:31:50 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=BA5584A89EEB75FC2942CFD7C90766F7 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_b6d3c32316ce789a\winsrv.dll
[2011/05/14 06:30:30 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=BA64A75A87C78D60D2A5919F5FB6A90A -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_b8890351fa9497e2\winsrv.dll
[2011/05/14 07:43:29 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=C47DE705BE85D4E6D7FC24E8F86B3612 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_b908d07b13b96cf4\winsrv.dll

========== Files - Unicode (All) ==========
[2011/05/18 17:44:28 | 000,002,210 | ---- | M] ()(C:\Users\tommyg\Desktop\??????? 2. ?????? ???????.lnk) -- C:\Users\tommyg\Desktop\Ведьмак 2. Убийцы королей.lnk
[2011/05/18 17:44:28 | 000,002,210 | ---- | C] ()(C:\Users\tommyg\Desktop\??????? 2. ?????? ???????.lnk) -- C:\Users\tommyg\Desktop\Ведьмак 2. Убийцы королей.lnk
(C:\Users\tommyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C-????????) -- C:\Users\tommyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C-СофтКлаб
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C-????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C-СофтКлаб

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB50427$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:1B61E10B0A2BD3DB

< End of report >
 
We have the "hosts" file missing.

Open Notepad.
Paste the following text into it:

Code:
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Go to File > Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)".
3. The file is saved to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.


NOTE.
If you receive a "You don't have permission to save in this location" message, take ownership of the C:\windows\system32\drivers\etc folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
If the above doesn't work, save the file to some known location, like your desktop, then copy it from there and paste it into the "etc" folder.

============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O20 - Winlogon\Notify\jtskyee: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\jtskyee.dll) - C:\Windows\System32\config\systemprofile\AppData\Local\jtskyee.dll ()
    O33 - MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe
    O33 - MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe
    O33 - MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\Shell - "" = AutoRun
    O33 - MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\Shell - "" = AutoRun
    O33 - MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\Shell\AutoRun\command - "" = K:\autorun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Setup.exe
    @Alternate Data Stream - 24 bytes -> C:\Windows:1B61E10B0A2BD3DB
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    C:\Documents and Settings\tommyg\AppData\Local\Temp\Rar*
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
That last thing I did didn't really agree with my PC :/ I'm currently on Mini XP from a disk I have. After the last action the PC rebooted with no internet; it's saying it cannot find the DHCP service. I'll post the log from it here now.
 
Error: Unable to interpret <O33 - MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\Shell\AutoRun\command - "" = K:\autorun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\F\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\K\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Setup.exe> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 24 bytes -> C:\Windows:1B61E10B0A2BD3DB> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0 folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1 folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2 folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

User: tommyg
->Temp folder emptied: 15729723 bytes
->Temporary Internet Files folder emptied: 171051567 bytes
->Java cache emptied: 5973678 bytes
->FireFox cache emptied: 136537242 bytes
->Google Chrome cache emptied: 6228490 bytes
->Flash cache emptied: 3095215 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11371554 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 335.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: tommyg
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <svchost.exe> in the current context!
Error: Unable to interpret </md5stop> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01102012_010944

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
That log is incorrect.
When copying my script you missed the very first line:
:OTL
Please redo.

If internet is still off.....

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
 
OK, I think I got all the script this time :eek:
but still no internet services running, here's the 2 logs

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jtskyee\ deleted successfully.
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\jtskyee.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\ not found.
File E:\hbcd\wintools\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1037ee9e-5d81-11e0-9a87-806e6f6e6963}\ not found.
File E:\hbcd\wintools\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66283340-62c6-11e0-99a9-0019dba6256d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66283340-62c6-11e0-99a9-0019dba6256d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66283340-62c6-11e0-99a9-0019dba6256d}\ not found.
File "L:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb7fc77d-6b50-11e0-a6a5-0019dba6256d}\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc71aa22-5d53-11e0-8e39-0019dba6256d}\ not found.
File K:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\Setup.exe not found.
ADS C:\Windows:1B61E10B0A2BD3DB deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX0 folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX1 folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX2 folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\procs folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\nird folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3\h folder moved successfully.
C:\Documents and Settings\tommyg\AppData\Local\Temp\RarSFX3 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Public

User: tommyg
->Temp folder emptied: 428681 bytes
->Temporary Internet Files folder emptied: 36073687 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6209993 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3085984 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 893373 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: tommyg
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01102012_033729

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\jtskyee.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


-----------------------------------------------------------------------------------------


Farbar Service Scanner
Ran by tommyg (administrator) on 10-01-2012 at 03:41:35
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Yeah, the infection is blocking it.

Delete your ComboFix file, download a fresh one and try to run it again (normal or safe mode).
 
OK, I'll start it and go to bed. If it doesn't move through the night I will just have to reinstall Windows tomorrow, or do you think we're getting any closer to finding the problem?
 
Hi, I tried running ComboFix all night with no joy, but I tried again in safe mode; now that it didn't download the update, it works. There are still no internet services running, but 1 step at a time, I suppose.
Here's the log, hope to hear soon,


ComboFix 12-01-04.03 - tommyg 10/01/2012 10:57:11.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2081 [GMT 0:00]
Running from: c:\users\tommyg\Downloads\ComboFix.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tommyg\AppData\Roaming\Xbins
c:\users\tommyg\AppData\Roaming\Xbins\dict
c:\users\tommyg\AppData\Roaming\Xbins\FileZilla.xml
c:\users\tommyg\AppData\Roaming\Xbins\icon.ico
c:\users\tommyg\AppData\Roaming\Xbins\xbinsftp.exe
c:\windows\iun6002.exe
c:\windows\system32\Temp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-01-10 10:59 . 2012-01-10 10:59 -------- d-----w- c:\users\tommyg\AppData\Local\temp
2012-01-10 10:59 . 2012-01-10 10:59 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-01-10 10:59 . 2012-01-10 10:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 10:55 . 2012-01-10 10:55 -------- d-----w- c:\program files\ESET
2012-01-10 02:57 . 2012-01-10 02:57 189248 ----a-w- c:\users\tommyg\AppData\Roaming\PnkBstrB.exe
2012-01-10 01:09 . 2012-01-10 01:09 -------- d-----w- C:\_OTL
2012-01-09 21:03 . 2012-01-09 21:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-09 19:26 . 2012-01-10 10:56 -------- d-----w- C:\FRST
2012-01-09 16:52 . 2012-01-09 16:52 -------- d-----w- C:\tg2012
2012-01-09 01:11 . 2012-01-09 14:48 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-09 01:11 . 2012-01-09 14:48 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-01-09 01:08 . 2012-01-09 01:08 -------- d-----w- c:\program files\CCleaner
2012-01-09 00:12 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 22:28 . 2012-01-08 22:28 -------- d-----w- c:\users\tommyg\AppData\Roaming\Moyea
2012-01-08 22:27 . 2012-01-08 22:27 -------- d-----w- c:\program files\Moyea
2012-01-08 22:25 . 2012-01-08 22:25 -------- d-----w- c:\users\tommyg\AppData\Roaming\FLV Extract
2012-01-08 00:55 . 2012-01-08 00:55 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 00:55 . 2012-01-08 00:55 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 00:55 . 2012-01-08 00:55 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-08 00:55 . 2012-01-08 00:55 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 00:45 . 2004-06-11 15:33 290304 ----a-w- C:\subinacl.exe
2012-01-08 00:45 . 2012-01-08 00:51 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-01-08 00:20 . 2012-01-10 02:21 -------- d-----w- C:\MGtools
2012-01-07 22:50 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-01-07 21:51 . 2012-01-07 21:51 -------- d-----w- c:\users\tommyg\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 21:50 . 2012-01-07 21:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-07 21:50 . 2012-01-07 21:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-07 10:40 . 2012-01-07 10:40 -------- d-----w- C:\3da6d3f8aa9c540bbda9eb2d891d
2012-01-07 10:07 . 2012-01-07 10:07 -------- d-----w- c:\windows\system32\htm
2012-01-07 10:07 . 2011-09-29 17:07 -------- d-----w- c:\windows\system32\scrnshot
2012-01-07 09:53 . 2012-01-07 09:53 -------- d-----w- c:\windows\system32\pb
2012-01-06 11:59 . 2012-01-09 16:48 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 11:59 . 2012-01-06 11:59 -------- d-----w- c:\program files\AVAST Software
2012-01-05 23:34 . 2012-01-05 23:36 -------- d-----w- C:\ff
2012-01-03 12:46 . 2012-01-03 12:46 -------- d-----w- c:\program files\X3 map by Scorp
2011-12-28 12:41 . 2011-12-28 12:41 -------- d-----w- c:\program files\Eidos
2011-12-28 12:41 . 2011-12-28 12:41 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-12-28 12:41 . 2011-12-28 12:41 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-12-28 12:41 . 2005-11-13 23:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-12-28 12:41 . 2005-11-13 23:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-12-28 12:41 . 2005-11-13 23:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-12-28 12:41 . 2005-11-13 23:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-12-28 12:41 . 2005-11-13 23:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-12-25 19:16 . 2011-12-25 20:50 -------- d-----w- c:\users\tommyg\AppData\Local\ESN Sonar
2011-12-19 04:32 . 2011-12-19 18:44 -------- d-----w- c:\users\tommyg\AppData\Roaming\Eha
2011-12-19 04:32 . 2011-12-19 04:33 -------- d-----w- c:\users\tommyg\AppData\Roaming\Qiq
2011-12-18 14:38 . 2011-05-17 22:12 5925611 ----a-w- c:\users\tommyg\Terraria.exe
2011-12-16 23:53 . 2011-12-16 23:53 -------- d-----w- c:\programdata\RELOADED
2011-12-16 21:42 . 2011-12-16 21:42 -------- d-----w- c:\program files\Battlelog Web Plugins
2011-12-16 16:29 . 2011-12-16 16:30 -------- d-----w- c:\users\tommyg\AppData\Roaming\Origin
2011-12-16 16:29 . 2011-12-16 16:29 -------- d-----w- c:\users\tommyg\AppData\Local\Origin
2011-12-16 16:28 . 2011-12-16 21:36 -------- d-----w- c:\programdata\Origin
2011-12-16 16:28 . 2011-12-16 16:32 -------- d-----w- c:\program files\Origin Games
2011-12-16 16:28 . 2011-12-16 16:28 -------- d-----w- c:\program files\Origin
2011-12-16 10:26 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B940EED-2DF7-46D7-B20A-796497C18128}\mpengine.dll
2011-12-15 11:45 . 2011-12-15 11:45 -------- d-----w- c:\programdata\ATI
2011-12-15 11:43 . 2011-12-15 11:43 -------- d-----w- c:\program files\AMD APP
2011-12-15 04:39 . 2011-12-15 04:39 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-12-14 10:09 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 10:09 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 10:09 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 10:09 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 10:09 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 10:09 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-12 13:26 . 2011-12-12 13:26 -------- d-----w- c:\users\tommyg\AppData\Roaming\NCH Software
2011-12-12 13:18 . 2011-10-12 17:53 200104 ----a-w- c:\windows\system32\cnvshell.dll
2011-12-12 13:18 . 2011-12-12 13:18 -------- d-----w- c:\program files\ImageConverter Plus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 02:21 . 2012-01-08 01:11 595670 ----a-w- C:\MGlogs.zip
2012-01-09 14:51 . 2011-06-12 20:40 138904 ----a-w- c:\users\tommyg\AppData\Roaming\PnkBstrK.sys
2011-12-20 18:51 . 2011-04-10 21:48 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-19 00:22 . 2011-07-31 22:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 05:54 . 2011-04-11 08:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 03:44 . 2011-11-10 03:44 8913920 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2011-01-27 06:00 774656 ----a-w- c:\windows\system32\aticfx32.dll
2011-11-10 03:12 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:11 . 2011-11-10 03:11 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 03:06 . 2011-01-27 05:49 6077952 ----a-w- c:\windows\system32\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 02:33 . 2011-03-09 04:30 5852672 ----a-w- c:\windows\system32\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 02:29 . 2011-03-09 03:34 4200960 ----a-w- c:\windows\system32\atiumdva.dll
2011-11-10 02:18 . 2011-01-27 05:20 51200 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-10-26 01:22 348160 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 263680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2011-01-27 05:12 32256 ----a-w- c:\windows\system32\atiuxpag.dll
2011-11-10 02:11 . 2011-01-27 05:12 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 22:39 . 2011-11-09 22:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 22:39 . 2011-11-09 22:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 22:38 . 2011-11-09 22:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 22:37 . 2011-11-09 22:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-21 20:16 . 2011-10-21 20:16 1843200 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-21 20:15 . 2011-10-21 20:15 104448 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-20 11:52 . 2011-10-20 11:52 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-10-20 11:52 . 2011-10-20 11:52 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-10-17 17:40 . 2011-10-17 17:40 85520 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2011-10-17 11:50 . 2011-09-13 20:17 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-17 11:50 . 2011-09-13 20:17 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-08 00:55 . 2011-04-11 08:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- c:\users\tommyg\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-12-16 735608]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-03 1242448]
"Spotify"="c:\users\tommyg\AppData\Roaming\Spotify\Spotify.exe" [2011-12-19 4010160]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"Proxifier"="c:\program files\proxifier\proxifier.exe" [2011-05-01 3953904]
"MegakeyUpdater"="c:\users\tommyg\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [2011-01-13 64000]
"Megakey"="c:\users\tommyg\AppData\Local\Megamedia\Megakey\Megakey.exe" [2011-01-13 2593280]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-10-20 438272]
"Extraram"="c:\program files\Extra RAM\ExtraRAM.exe" [2010-05-01 554496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-08-18 272384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ExpressAccounts"="c:\program files\NCH Software\ExpressAccounts\expressaccounts.exe" [2011-04-16 2179076]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Disk Monitor"="c:\program files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 466944]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\tommyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-15 3527576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-6-30 2588784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 MpKsle92d1802;MpKsle92d1802;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C921AC8E-C2F4-489A-A3DB-78B384D1EDB1}\MpKsle92d1802.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-11-21 330072]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-11-15 329544]
R2 Realtek11nSU;Realtek11nSU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-01-21 45056]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-10-14 745832]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-08-18 8704]
R3 81647994;81647994; [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 263680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-03-22 2421384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ExpressAccountsService;Express Accounts;c:\program files\NCH Software\ExpressAccounts\expressaccounts.exe [2011-04-16 2179076]
R3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [2011-04-16 1687044]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 HCW713x;Hauppauge WinTV-HVR 713X PCI Card;c:\windows\system32\DRIVERS\HCW713x.sys [2010-01-15 1156224]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-06 35776]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-01-19 9216]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-03-10 594976]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-08-11 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-08-11 194048]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-02 218688]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys [2010-05-20 61952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 50860462
*Deregistered* - 50860462
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 20:59]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 20:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
IE: Capture Web Page - c:\users\tommyg\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\users\tommyg\AppData\Local\Megamedia\Megakey\MegaUpload.htm
Trusted Zone: clonewarsadventures.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DA2245E5-D84A-44A2-9DAD-88503CE6BA14}: NameServer = 10.14.32.1
FF - ProfilePath - c:\users\tommyg\AppData\Roaming\Mozilla\Firefox\Profiles\k8s2y8j7.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EADM - c:\program files\Electronic Arts\EADM\EADMUI.exe
SafeBoot-71737991.sys
AddRemove-BattlEye - j:\program files\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - j:\program files\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-Driver San Francisco - j:\program files\Black_Box\Driver San Francisco\Uninstall\Uninstall.exe
AddRemove-Generic USB Card Reader Driver - c:\windows\iun6002.exe
AddRemove-v1.9e3 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fe,85,de,e5,06,be,cc,01
.
[HKEY_USERS\S-1-5-21-2635475901-267015660-3542911192-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,bf,72,db,fb,14,cf,b2,fb,e7,fd,05,93,3c,46,b7,45,68,a2,5c,2b,
49,32,43,95,d1,7a,90,e1,86,7d,2a,d2,96,ad,67,45,27,e5,45,e5,5a,8e,26,13,09,\
"rkeysecu"=hex:31,08,5c,0a,73,8b,38,85,0d,de,26,4c,4c,a2,8e,2f
.
Completion time: 2012-01-10 11:02:13
ComboFix-quarantined-files.txt 2012-01-10 11:02
.
Pre-Run: 14,789,316,608 bytes free
Post-Run: 14,519,783,424 bytes free
.
- - End Of File - - E76526385C83B37B72DE4424642C3E89
 
Safe mode is fine, but...
Delete your Combofix file, download a fresh one on another working computer, transfer it to the bad computer using a USB flash drive, and run it again.
 
Delete your FixTDSS file.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Same message as last time 'backdoor.tidserv has not been found'
:/ have you any idea what it is and is it worth me just formatting and starting again?
 
Ahhh no problem mate, at least we tried :)

Just formatted and reinstalled Windows, everything will be sweet, at least I only lost some files, managed to find an old 80gig HDD to put a nice bit of stuff on, thanks for the help mate :)
 