
The "SYSTEM RESTORE" virus has completely locked up my computer - help



The "SYSTEM RESTORE" virus has completely locked up my computer: black screen, nothing in the Start menu, everything is empty, a total lockup, even Task Manager. The virus starts up, tells me I'm infected with all sorts of nasties and wants me to buy it; I also get a message that my hard drive is partially damaged. I managed to run Avira, but it finds nothing at all. My Quick Launch bar is gone too, so I can't launch Malwarebytes Anti-Malware, which would certainly catch the nasty. I haven't booted into Safe Mode yet; I wanted to get proper instructions first.

I'm wondering whether to just reinstall, but I'm not sure the hard drive isn't damaged.

I'm writing from another computer now.

My computer is an HP Compaq 2200 dx, Windows XP SP3, 2 GB RAM, 160 GB hard drive, P4.

Please help.


Additional information:

I managed to get into Safe Mode; everything had been changed and all partitions, folders etc. were hidden. I managed to run Malwarebytes Anti-Malware. The first time it found 7 viruses, the second time 1, and the third time 0.

Even though I destroyed the viruses, the situation is dire; it looks like I'm heading for a reinstall.

Waiting for further instructions.


Download OTL and save it to your desktop:

- run the tool;

- tick Scan All Users at the top;

- in the Standard Registry field select All;

- from the File Age drop-down select 90 Days;

- also tick: Skip Microsoft Files, LOP Check and Purity Check;

- in the Custom Scans/Fixes field (at the bottom of the program window) paste the following text (select it, press Ctrl+C, then click in the OTL field and press Ctrl+V):

netsvcs
netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

- click the Run Scan button.

Wait for the scan to finish. When it completes, the two newly created files on the desktop will open automatically: OTL.txt and Extras.txt.

Please attach these two files (separately or in an archive) to your next comment.
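As an added example (not code from this thread, from OTL or from its author), here is the kind of small triage script a helper can run over the OTL.txt and Extras.txt the scan above produces, to pull out the entries worth a closer look before writing a fix. The sample lines are a short excerpt of the logs posted later in this thread; the heuristics (no company name, running from a user-profile directory, modified within days of the scan, a machine-generated looking file name), the threshold of three hits, and the two System Restore registry values it watches are my own assumptions, not rules OTL itself applies.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the OTL.txt posted in this thread (the real log is far longer).
SAMPLE_OTL = r"""OTL logfile created on: 29.10.2011 г. 17:57:03 - Run 1
========== Processes (SafeList) ==========
PRC - [2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe
PRC - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
PRC - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
PRC - [2011.07.07 20:44:25 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Bandoo Coordinator)
SRV - [2011.08.31 17:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
"""

# Constructed excerpt of the Extras.txt from the same scan.
SAMPLE_EXTRAS = r"""========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
"""

# "created on: 29.10.2011 г. 17:57:03": \D* skips the locale-specific "г." between date and time.
HEADER = re.compile(r"logfile created on: (\d{1,2})\.(\d{1,2})\.(\d{4})\D*(\d{1,2}):(\d{2}):(\d{2})")
# PRC/MOD/SRV/DRV lines: [mtime | size | attrs | M] (company) [state] -- path -- (name)
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>.+)\))?$"
)
VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")   # assumption: user-writable roots
WATCHED = {  # (registry key, value name, value) -> finding; assumption: what a helper wants flagged
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore", "DisableSR", "1"):
        "System Restore is turned off (DisableSR = 1)",
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr", "Start", "4"):
        "System Restore filter driver Sr is disabled (Start = 4)",
}


@dataclass
class Entry:
    kind: str
    mtime: datetime
    size: int
    attrs: str
    company: str
    path: str
    name: Optional[str]


def parse_otl(text: str) -> Tuple[Optional[datetime], List[Entry]]:
    """Return the scan timestamp from the header and every PRC/MOD/SRV/DRV entry with a file record."""
    scan_time, entries = None, []
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            d, mo, y, hh, mm, ss = (int(x) for x in h.groups())
            scan_time = datetime(y, mo, d, hh, mm, ss)
            continue
        m = ENTRY.match(line)
        if m:  # "File not found" service lines carry no file record and are skipped
            entries.append(Entry(m["kind"], datetime.strptime(m["mtime"], "%Y.%m.%d %H:%M:%S"),
                                 int(m["size"].replace(",", "")), m["attrs"],
                                 m["company"].strip(), m["path"], m["name"]))
    return scan_time, entries


def case_flips(filename: str) -> int:
    """Count lower/upper switches between adjacent letters: explorer.exe has none, 1kAlMiG2Kb7FzP.exe many."""
    return sum(1 for a, b in zip(filename, filename[1:])
               if a.isalpha() and b.isalpha() and a.islower() != b.islower())


def suspicion_reasons(e: Entry, scan_time: Optional[datetime]) -> List[str]:
    """Heuristics (assumptions, not OTL rules); each one alone is common for legitimate files."""
    reasons, p = [], e.path.lower()
    if not e.company:
        reasons.append("no company name")
    if p.startswith(PROFILE_ROOTS):
        reasons.append("runs from a user profile directory")
    if scan_time is not None and (scan_time - e.mtime).days <= 3:
        reasons.append("modified within 3 days of the scan")
    if case_flips(e.path.rsplit("\\", 1)[-1]) >= 4:
        reasons.append("machine-generated looking file name")
    return reasons


def triage(text: str, min_reasons: int = 3) -> Dict[str, List[str]]:
    """Map each path that collects at least min_reasons hits to its reasons (PRC/MOD duplicates merge)."""
    scan_time, entries = parse_otl(text)
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons = suspicion_reasons(e, scan_time)
        if len(reasons) >= min_reasons:
            flagged[e.path] = reasons
    return flagged


def check_extras(text: str) -> List[str]:
    """Walk Extras.txt registry sections and report the WATCHED key/value combinations."""
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if m and key:
            msg = WATCHED.get((key, m["name"], m["value"].strip()))
            if msg:
                findings.append(msg)
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_OTL).items():
        print(path, "->", "; ".join(why))
    for finding in check_extras(SAMPLE_EXTRAS):
        print("Extras:", finding)
```

With the threshold at three hits, OTL.exe itself (fresh on the desktop, but with a company name and a readable name) stays unflagged while the two unnamed, freshly modified executables under All Users\Application Data come out on top; the Extras check just surfaces that the real System Restore is switched off in this log, which is something to restore once the machine is clean.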


Night_Raven, as I wrote, my computer is completely locked up; I'm writing from another computer now. On it only a "System Restore" window appears and nothing else: black screen, everything else is hidden. In Safe Mode I barely managed to unhide drive C: and run Avira and Malwarebytes; the result of destroying the viruses: none.

I'm posting photos taken with a camera for clarity.

This is what first appears in Safe Mode:

http://postimage.org/image/y954zo5ev/

These are the nasties Malwarebytes found:

http://postimage.org/image/ei8bg26av/

I doubt I can carry out the instructions you are giving me.

I'm in despair, because I can see directly what the situation is.

Please tell me whether it's all right to reinstall, or whether that would make things worse.


Can you start the operating system normally at all?

It looks like you have run into a Rogue HDD infection, which is software designed to deceive the user into believing there are various problems with the system. From this you can immediately tell that there is nothing wrong with the hard drive.

If it is possible to start the system, do what Night_Raven recommended.

If the above is not possible, then:

Download RKill by Grinler from here.

  • Before you begin, make sure you have disabled your antivirus program and any other anti-malware software.
  • Run RKill from your desktop.
  • A black window will appear and then disappear. This means the tool has run successfully.
  • If the tool does not run, please say so in your next post.
  • After running RKill, do NOT restart the system.

Note: If it is impossible to run the tool, it will have to be downloaded on a clean operating system and then copied to removable media.


I didn't quite understand. Does it not always manage to boot into Safe Mode?

 

Night_Raven, I can always boot into Safe Mode.

As I understand it, I need to boot into Safe Mode with Networking, disable the antivirus and similar programs, and follow your instructions in Safe Mode. This will be the first time I enter that mode with internet access.

It's worth trying, to save the computer.

I'll try and will report the result.


s.feradov, I can boot Windows normally; it loads, but everything is hidden, only the one window of the virus is shown, which wants to scan or wants me to buy it. There is nothing in the Start menu, All Programs says empty; in short, only this virus window is on the desktop.

 

OTL Extras logfile created on: 29.10.2011 г. 17:57:03 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TR45\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

 

1,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,28% Memory free

3,84 Gb Paging File | 3,38 Gb Available in Paging File | 87,93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 28,78 Gb Free Space | 77,25% Space Free | Partition Type: NTFS

Drive D: | 111,79 Gb Total Space | 77,72 Gb Free Space | 69,52% Space Free | Partition Type: NTFS

 

Computer Name: HOME-F8D6E85E47 | User Name: TR45 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"19727:TCP" = 19727:TCP:*:Enabled:BitComet 19727 TCP

"19727:UDP" = 19727:UDP:*:Enabled:BitComet 19727 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet -- (www.BitComet.com)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"F:\PROGRAMS\SPRINT LAYOUT _5_PORTABLE_RUS\Spint_Layout_5_portable_rus\Spint_Layout_5_rus\layout50.exe" = F:\PROGRAMS\SPRINT LAYOUT _5_PORTABLE_RUS\Spint_Layout_5_portable_rus\Spint_Layout_5_rus\layout50.exe:*:Enabled:layout50

"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3

"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A60F381-92E2-4F2D-A74B-691A4B4FF0FC}" = TP-LINK Wireless Client Utility

"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode

"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent

"{40A0B29E-B270-450B-BF4D-34493A934523}" = Домашен Кулинар FX

"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner

"{6AECFE2F-86D3-4EA8-B110-19CDAA343199}" = ItaEst - Taka e!

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights

"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant

"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap

"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget

"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax

"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM

"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime

"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AskTBar Uninstall" = Ask Toolbar

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BabylonToolbar" = Babylon toolbar on IE

"BitComet" = BitComet 1.27

"CCleaner" = CCleaner (remove only)

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"facemoods" = Facemoods Toolbar

"Google Updater" = Google Updater

"HDMI" = Intel® Graphics Media Accelerator Driver

"High Quality Photo Resizer_is1" = High Quality Photo Resizer 5.02

"ie8" = Windows Internet Explorer 8

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware, версия 1.51.2.1300

"MSNINST" = MSN

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"PhotoScape" = PhotoScape

"Proxy+" = Proxy+

"SpeedFan" = SpeedFan (remove only)

"Unlocker" = Unlocker 1.9.0

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = Архиватор WinRAR

"Yahoo! Companion" = Yahoo! Toolbar

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FoxTab PDF Converter" = FoxTab PDF Converter

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 15.9.2011 г. 05:43:55 | Computer Name = HOME-F8D6E85E47 | Source = ESENT | ID = 490

Description = svchost (1352) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"

for read / write access failed with system error 32 (0x00000020): "The process

cannot access the file because it is being used by another process. ". The open

file operation will fail with error -1032 (0xfffffbf8).

 

Error - 28.10.2011 г. 14:07:18 | Computer Name = HOME-F8D6E85E47 | Source = MSDTC | ID = 4404

Description = MS DTC Tracing infrastructure : the initialization of the tracing

infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,

Line: 1115, StartTrace Failed, hr=0x800700a1

 

Error - 28.10.2011 г. 16:05:16 | Computer Name = HOME-F8D6E85E47 | Source = MBAMService | ID = 131073

Description =

 

[ System Events ]

Error - 29.10.2011 г. 10:29:37 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7000

Description = The Bandoo Coordinator service failed to start due to the following

error: %%3

 

Error - 29.10.2011 г. 10:29:37 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7001

Description = The MBAMService service depends on the MBAMProtector service which

failed to start because of the following error: %%2

 

Error - 29.10.2011 г. 10:29:37 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7000

Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the

following error: %%2

 

Error - 29.10.2011 г. 10:31:02 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

 

Error - 29.10.2011 г. 10:31:02 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

 

Error - 29.10.2011 г. 10:43:31 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7000

Description = The MBAMProtector service failed to start due to the following error:

%%2

 

Error - 29.10.2011 г. 10:43:31 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7000

Description = The StarOpen service failed to start due to the following error: %%2

 

Error - 29.10.2011 г. 10:43:31 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7000

Description = The Bandoo Coordinator service failed to start due to the following

error: %%3

 

Error - 29.10.2011 г. 10:43:31 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7001

Description = The MBAMService service depends on the MBAMProtector service which

failed to start because of the following error: %%2

 

Error - 29.10.2011 г. 10:43:31 | Computer Name = HOME-F8D6E85E47 | Source = Service Control Manager | ID = 7000

Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the

following error: %%2

 

 

< End of report >

 

OTL logfile created on: 29.10.2011 г. 17:57:03 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TR45\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

 

1,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,28% Memory free

3,84 Gb Paging File | 3,38 Gb Available in Paging File | 87,93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 28,78 Gb Free Space | 77,25% Space Free | Partition Type: NTFS

Drive D: | 111,79 Gb Total Space | 77,72 Gb Free Space | 69,52% Space Free | Partition Type: NTFS

 

Computer Name: HOME-F8D6E85E47 | User Name: TR45 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

PRC - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

PRC - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

PRC - [2011.07.07 20:44:25 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.04.21 07:54:05 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.04.21 07:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.04.21 07:53:33 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.12.28 20:28:14 | 000,561,263 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe

PRC - [2009.09.21 21:48:44 | 000,499,796 | -H-- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe

PRC - [2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

MOD - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

MOD - [2011.05.28 22:04:56 | 000,140,288 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010.07.05 00:32:38 | 000,010,752 | -H-- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2010.06.17 15:27:22 | 000,355,688 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2010.01.21 01:20:18 | 000,278,528 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll

MOD - [2010.01.05 19:56:02 | 000,163,840 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll

MOD - [2009.12.28 21:43:44 | 000,077,824 | -H-- | M] () -- C:\WINDOWS\system32\wgapiloc.dll

MOD - [2009.12.28 20:28:14 | 000,561,263 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe

MOD - [2009.12.28 20:28:00 | 000,422,000 | -H-- | M] () -- C:\WINDOWS\system32\wgapi.dll

MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (Bandoo Coordinator)

SRV - [2011.08.31 17:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.07 20:44:25 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.21 07:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.09.21 21:48:44 | 000,499,796 | -H-- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011.07.07 20:44:27 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.07 20:44:27 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.06.17 15:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.17 15:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010.01.05 06:31:32 | 001,714,176 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)

DRV - [2009.09.21 21:49:12 | 000,058,208 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)

DRV - [2009.03.25 15:40:52 | 001,392,498 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008.04.14 11:26:08 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008.04.14 11:23:10 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2006.09.24 16:28:46 | 000,005,248 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2004.08.04 01:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2001.08.23 15:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001.08.23 15:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2001.08.18 00:51:32 | 000,018,688 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

DRV - [1996.04.03 22:33:26 | 000,005,248 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg/

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,bg-BG;q=0.5

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 56 1C 4F 8D A0 CB 01 [binary data]

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\InprocServer32 File not found

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.intranet.vivacom.bg;*.btk.bg;*.btc.corp;*ad.btk.bg;192.168.*;europe.citidirect-eb.citicorp.com;pbs.btc-net.bg;www.office1.bg;us.citidirect.citicorp.com;face.oeticket.com*;netact.vivatel.bg;crl.btc.bg;aia.btc.bg;ssa.vivacom.bg;<local>

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.btk.bg:80

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2001.08.23 15:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found

O4 - HKLM..\Run: [trfnnmNFIoGhaDl.exe] C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe ()

O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()

O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: &С&валяне &с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &С&валяне на всички с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9D17E1-2F5C-4F60-A7A0-F170BCC9965B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEDE183-4CA0-4B16-98FE-09E8314A5FF8}: DhcpNameServer = 10.209.249.130 10.16.168.11

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - Unable to obtain root file information for disk D:\

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

========== Files/Folders - Created Within 90 Days ==========

 

[2011.10.29 17:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Recent

[2011.10.29 17:53:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore

[2011.09.29 21:44:08 | 000,607,260 | RH-- | C] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr

[2011.09.29 21:19:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Malwarebytes

[2011.09.29 21:19:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.29 21:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011.09.29 21:19:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.09.21 19:14:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Copy of Favorites

[2011.09.18 01:05:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011.09.03 21:21:51 | 000,135,168 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll

[2011.09.03 21:20:24 | 000,061,440 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4396.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll

[2011.09.03 21:20:22 | 000,114,688 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll

[2011.09.01 18:02:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011.08.25 20:13:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero

[2011.08.25 20:11:20 | 000,125,184 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys

[2011.08.25 20:11:20 | 000,005,504 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys

[2011.08.25 20:11:01 | 000,106,496 | -H-- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll

[2011.08.25 20:11:00 | 000,155,648 | -H-- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe

[2011.08.25 20:11:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Ahead

[2011.08.25 20:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Ahead.NERO.6

[2011.08.24 21:53:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Nero

[2011.08.24 21:50:10 | 000,000,000 | -H-D | C] -- C:\Program Files\AskTBar

[2011.08.24 21:49:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Windows Sidebar

[2011.08.24 21:31:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Nero

[2011.08.24 17:13:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FlashGet Network

[2011.08.23 12:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\PriceGong

[2011.08.23 00:08:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Ashampoo

[2011.08.23 00:08:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\MyAshampoo

[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\ashampoo

[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited

[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011.08.06 15:45:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\facemoods.com

[2011.08.06 15:38:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape

[2011.08.06 15:37:45 | 000,000,000 | -H-D | C] -- C:\Program Files\PhotoScape

[2011.08.06 15:37:38 | 000,000,000 | -H-D | C] -- C:\Program Files\facemoods.com

[2011.08.06 15:02:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Conduit

[2011.08.06 15:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo

[2011.08.06 14:30:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Adobe Photoshop CS5.1

[2011.08.06 14:29:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\CS5.5 Master Collection

[2011.08.06 14:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant

[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Xenocode

[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Xenocode

[2011.08.06 14:22:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\High Quality Photo Resizer

[2011.08.06 14:22:27 | 000,000,000 | -H-D | C] -- C:\Program Files\High Quality Photo Resizer

[2011.08.06 14:18:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\FoxTab PDF Converter

[2011.08.06 14:18:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Uninstall

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\lib

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Babylon

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Images

[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Babylon

[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\fonts

[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\DriverFiles

[2011.08.01 21:57:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Proxy+

[2011.08.01 21:56:00 | 000,000,000 | -H-D | C] -- C:\Program Files\ProxyPlus

[2011.01.24 10:48:39 | 000,050,688 | -H-- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

[2011.01.09 10:53:01 | 009,496,056 | -H-- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe

[2011.01.01 22:45:37 | 009,991,264 | -H-- | C] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe

[2010.12.23 04:08:24 | 005,193,608 | -H-- | C] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe

[2010.12.12 00:49:52 | 167,043,896 | -H-- | C] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

[2011.10.29 17:52:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.29 17:43:31 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.10.29 17:43:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job

[2011.10.28 23:42:34 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 22:22:01 | 000,000,982 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011.10.28 20:43:09 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk

[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.10.28 20:40:24 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.10.28 14:52:46 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.29 21:44:39 | 000,607,260 | RH-- | M] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr

[2011.09.16 14:11:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\System32\secustat.dat

[2011.09.16 14:11:16 | 000,001,477 | -H-- | M] () -- C:\WINDOWS\System32\secushr.dat

[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav

[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip

[2011.08.24 21:49:05 | 000,004,767 | -H-- | M] () -- C:\WINDOWS\Irremote.ini

[2011.08.23 19:44:53 | 000,000,759 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011.10.29 17:32:14 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:32:14 | 000,000,088 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.28 23:42:30 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011.10.28 23:15:41 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 20:43:13 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:43:13 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011.10.28 20:43:09 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk

[2011.10.28 20:43:05 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2011.10.28 20:40:32 | 000,402,832 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.09.23 14:57:57 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.09.03 21:19:57 | 000,524,850 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa

[2011.09.03 21:19:57 | 000,000,929 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.vp

[2011.08.26 14:32:24 | 000,003,017 | -H-- | C] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

[2011.08.26 13:05:14 | 009,032,303 | -H-- | C] () -- C:\Program Files\partition_magic_demo_8.zip

[2011.08.24 21:49:05 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini

[2011.08.23 19:44:53 | 000,000,759 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk

[2011.08.06 14:18:42 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2011.07.10 18:11:07 | 000,000,072 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini

[2011.07.06 18:19:14 | 001,375,018 | -H-- | C] () -- C:\Program Files\EasyBCD 2.0.2.exe

[2011.06.24 19:48:59 | 001,524,112 | -H-- | C] () -- C:\WINDOWS\System32\bandoolmx.dll

[2011.04.27 21:04:20 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

[2011.04.08 19:18:33 | 000,175,616 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011.04.08 19:18:32 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\avisplitter.ini

[2011.04.08 19:18:29 | 000,631,808 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011.04.08 19:18:29 | 000,243,200 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011.04.08 19:18:28 | 000,080,896 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011.02.07 00:28:54 | 001,252,984 | -H-- | C] () -- C:\Program Files\Google Updater.exe

[2011.01.24 09:19:00 | 000,001,477 | -H-- | C] () -- C:\WINDOWS\System32\secushr.dat

[2011.01.23 11:42:18 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\System32\secustat.dat

[2011.01.23 07:41:21 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\libem.INI

[2011.01.09 10:52:21 | 000,028,672 | -H-- | C] () -- C:\Program Files\generat.exe

[2011.01.03 09:20:45 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010.12.30 10:04:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.12.25 03:03:09 | 000,262,216 | -H-- | C] () -- C:\WINDOWS\System32\IPTests.dll

[2010.12.25 03:02:57 | 000,422,000 | -H-- | C] () -- C:\WINDOWS\System32\wgapi.dll

[2010.12.25 03:02:57 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\wgapiloc.dll

[2010.12.25 02:27:21 | 000,001,362 | -H-- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2010.12.24 19:59:09 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.12.12 01:43:57 | 000,021,504 | -H-- | C] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.12.10 21:18:24 | 000,204,800 | RH-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2010.12.10 21:05:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.12.10 21:00:11 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010.12.10 12:55:04 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.12.10 12:53:57 | 000,189,792 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004.08.04 02:07:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004.08.04 01:56:44 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004.08.04 01:56:44 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004.08.04 01:56:44 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004.08.04 01:56:44 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004.08.04 01:56:44 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004.08.02 15:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2003.01.07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001.08.23 15:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001.08.23 15:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001.08.23 15:00:00 | 000,399,964 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001.08.23 15:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001.08.23 15:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001.08.23 15:00:00 | 000,060,376 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001.08.23 15:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2001.08.23 15:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001.08.23 15:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001.08.23 15:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[1996.04.03 22:33:26 | 000,005,248 | -H-- | C] () -- C:\WINDOWS\System32\giveio.sys

 

========== LOP Check ==========

 

[2011.08.23 00:07:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2011.08.06 14:18:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2011.06.24 19:49:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo

[2011.06.24 19:47:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2010.12.27 03:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure

[2010.12.27 03:40:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2011.04.26 19:23:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010.12.25 03:03:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK

[2011.08.23 00:14:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Ashampoo

[2011.08.06 14:18:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Babylon

[2010.12.11 20:51:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BabylonToolbar

[2011.08.28 19:19:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BitComet

[2011.09.16 14:11:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BITS

[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited

[2011.06.18 09:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant

[2010.12.23 04:09:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\DriverCure

[2011.08.06 15:45:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\facemoods.com

[2011.01.23 07:41:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGet

[2011.04.26 22:21:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGetBHO

[2011.08.26 13:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo

[2010.12.23 04:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\ParetoLogic

[2011.08.06 15:39:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PhotoScape

[2011.08.23 12:50:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PriceGong

[2011.06.24 19:47:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\searchqutoolbar

[2010.12.23 19:43:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\URSoft

[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT

[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS

[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011.01.03 08:17:31 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011.10.29 17:43:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

 

< %USERPROFILE%\*.* >

[2011.06.20 14:56:01 | 000,010,745 | -H-- | M] () -- C:\Documents and Settings\TR45\.recently-used.xbel

[2011.04.08 17:54:51 | 000,014,439 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent

[2011.04.22 13:40:32 | 000,000,488 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent.filelist

[2011.10.29 17:42:35 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat

[2011.10.29 17:58:29 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat.LOG

[2011.10.29 17:42:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\TR45\ntuser.ini

 

< %USERPROFILE%\Application Data\*.* >

[2011.07.20 18:21:55 | 000,000,072 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini

[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\TR45\Application Data\desktop.ini

 

< %USERPROFILE%\Local Settings\Application Data\*.* >

[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.11 14:14:21 | 000,042,944 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2011.10.29 17:42:19 | 004,798,288 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\IconCache.db

 

< %AllUsersProfile%\*.* >

 

< %AllUsersProfile%\Application Data\*.* >

[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

 

< %USERPROFILE%\My Documents\*.* >

[2010.12.27 05:18:33 | 000,025,521 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\bookmark.htm

[2007.06.19 16:41:44 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\cc2.db3

[2011.09.27 14:23:13 | 000,042,496 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\checking file system on c-IBM.doc

[2011.07.06 20:20:55 | 000,240,640 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Cyra.exe

[2010.12.10 21:45:43 | 000,000,075 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\desktop.ini

[2010.11.29 14:52:42 | 000,052,736 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPDFConverter.exe

[2011.02.18 18:22:36 | 000,199,168 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ftpdf_inst.exe

[2010.11.29 15:08:12 | 000,078,336 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPrintInstallDll.dll

[2007.08.26 16:14:44 | 003,702,784 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\gsdll32.dll

[2011.09.26 09:21:41 | 000,077,824 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\HULDA KLARK.for_all_cancers.doc

[2011.07.05 18:41:00 | 002,897,688 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Icom IC-746 Pro Service Manual.mht

[2011.06.19 13:10:33 | 000,126,695 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\imelititrqbwapyksehapffff.xcf

[2011.09.26 09:22:07 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\prostate_problem.doc

[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav

[2011.06.06 15:11:52 | 000,026,624 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\Thumbs.db

[2011.03.04 23:58:46 | 000,056,099 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ultravox.shtml

[2011.08.28 13:56:39 | 000,000,053 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\winxp32.txt

[2011.07.20 16:45:42 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.билинг.11.xls

[2011.07.20 16:47:58 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.РУД.11.xls

[2011.07.20 16:38:22 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.ТРД.11.xls

[2011.07.20 16:15:46 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Дим-гр.11г.xls

[2011.07.20 16:13:10 | 000,166,912 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Х-ли.11г.xls

[2011.07.19 16:07:01 | 000,184,320 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Д-град.xls

[2011.07.19 16:05:29 | 000,184,832 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Харманли.xls

[2011.08.22 18:37:15 | 000,024,576 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\МОИ ПРОГРАМИ.doc

[2011.07.09 16:34:40 | 000,034,304 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ОК.отр време полугодие.xls

 

< %CommonProgramFiles%\*.* >

 

< %PROGRAMFILES%\*.* >

[2011.01.24 10:48:42 | 000,050,688 | -H-- | M] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

[2010.12.12 00:49:55 | 167,043,896 | -H-- | M] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe

[2011.01.01 22:44:53 | 009,991,264 | -H-- | M] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe

[2011.07.06 18:19:17 | 001,375,018 | -H-- | M] () -- C:\Program Files\EasyBCD 2.0.2.exe

[2010.05.26 00:42:46 | 000,028,672 | -H-- | M] () -- C:\Program Files\generat.exe

[2011.02.07 00:29:02 | 001,252,984 | -H-- | M] () -- C:\Program Files\Google Updater.exe

[2010.12.23 04:08:35 | 005,193,608 | -H-- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe

[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip

[2010.01.23 02:09:10 | 009,496,056 | -H-- | M] (Google Inc.) -- C:\Program Files\picasa3-setup.exe

[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

 

< %systemroot%\system32\*.dll /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2003.06.18 17:31:48 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

 

 

< MD5 for: EXPLORER.EXE >

[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004.08.04 01:56:50 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

 

< MD5 for: USERINIT.EXE >

[2004.08.04 01:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys

[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

[2004.08.04 00:00:18 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

 

< MD5 for: WINLOGON.EXE >

[2004.08.04 01:56:58 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >

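As an added illustration that is not part of this thread and not OTL's own code, the Python below parses file entries in the format the log above uses (`[date | size | attributes | C/M] (Company) -- path`, optionally with an `MD5=` field) and applies two defender-side checks: unsigned executables dropped into user-writable data directories within a recent window, which is exactly how the two randomly named `.exe` files under `All Users\Application Data` stand out, and `MD5 for:` sections where the live system copy does not hash the same as its `ServicePackFiles` backup. The sample entries are copied from the log above; the `WINLOGON.EXE` mismatch case is constructed with an all-zero placeholder hash so that a flagged section is shown. The function names, the 30-day window and the directory list are my assumptions, not anything OTL defines.

```python
"""Triage helper for OTL file-list entries (added example, not OTL's code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# One OTL file entry; the (Company) and MD5= parts are optional.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+?)\s*$"
)
SECTION = re.compile(r"^< MD5 for: (?P<name>[^>]+) >$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumed list of directories an unprivileged process can write to.
WRITABLE_DIRS = ("\\all users\\application data\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")
BACKUP_DIRS = ("\\servicepackfiles\\", "\\$ntservicepackuninstall$\\")


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str
    kind: str                      # C = created, M = modified
    company: Optional[str]         # None when OTL printed "()" or nothing
    md5: Optional[str]
    path: str
    section: Optional[str] = None  # name of the enclosing "MD5 for:" block


def parse_otl(text: str) -> List[Entry]:
    """Parse every file entry; summary lines such as '[4 C:\\WINDOWS\\*.tmp files ...]' are skipped."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group("name").strip()
            continue
        if line.startswith("<") or line.startswith("====="):
            section = None                  # any other header ends the MD5 block
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"), kind=m.group("kind"),
            company=m.group("company") or None,
            md5=m.group("md5").upper() if m.group("md5") else None,
            path=m.group("path"), section=section))
    return entries


def suspicious_drops(entries: List[Entry], ref: Optional[datetime] = None,
                     days: int = 30) -> List[str]:
    """Unique paths of unsigned executables in writable dirs, newer than ref - days."""
    ref = ref or max(e.ts for e in entries)
    cutoff = ref - timedelta(days=days)
    hits = set()
    for e in entries:
        low = e.path.lower()
        if (low.endswith(EXEC_EXT) and not e.company and e.ts >= cutoff
                and any(d in low for d in WRITABLE_DIRS)):
            hits.add(e.path)
    return sorted(hits)


def md5_mismatches(entries: List[Entry]) -> Dict[str, Tuple[str, str]]:
    """Sections whose live copy hashes differently from the ServicePackFiles backup."""
    groups: Dict[str, List[Entry]] = {}
    for e in entries:
        if e.section and e.md5:
            groups.setdefault(e.section, []).append(e)
    bad: Dict[str, Tuple[str, str]] = {}
    for name, group in groups.items():
        live = [e for e in group if not any(b in e.path.lower() for b in BACKUP_DIRS)]
        backup = [e for e in group if "\\servicepackfiles\\" in e.path.lower()]
        if live and backup and live[0].md5 != backup[0].md5:
            bad[name] = (live[0].md5, backup[0].md5)
    return bad


# Entries copied from the OTL log in this thread.
SAMPLE_LOG = r"""
========== Files - Modified Within 90 Days ==========
[2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe
[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
[2011.09.29 21:44:39 | 000,607,260 | RH-- | M] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr
[2011.08.06 14:18:42 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< %AllUsersProfile%\Application Data\*.* >
[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
< MD5 for: USERINIT.EXE >
[2004.08.04 01:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< End of report >
"""

# Constructed case (not from the log): live winlogon.exe with a placeholder hash.
CONSTRUCTED_MISMATCH = r"""
< MD5 for: WINLOGON.EXE >
[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2011.10.28 20:40:30 | 000,507,904 | -H-- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\winlogon.exe
"""

if __name__ == "__main__":
    for p in suspicious_drops(parse_otl(SAMPLE_LOG)):
        print("review:", p)
    print("mismatches:", md5_mismatches(parse_otl(CONSTRUCTED_MISMATCH)))
```

The `$NtServicePackUninstall$` copies are deliberately not used as the reference, since they are the pre-service-pack binaries and legitimately hash differently; only the `ServicePackFiles\i386` copy is expected to match the live file.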

Start OTL again. In the empty "Custom Scans/Fixes" field (at the bottom of the program) paste the following text (select it, press Ctrl+C and then press Ctrl+V in the OTL field):

 

:Processes
killallprocesses
:OTL
MOD - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
MOD - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\InprocServer32 File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll File not found
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [trfnnmNFIoGhaDl.exe] C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore
[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011.10.28 23:42:34 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011.10.28 20:43:09 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk
[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51:Files
:Reg
:Commands
[emptytemp]
[reboot]

Copy the text exactly as it appears in the field. Be careful not to drop the leading colon, and keep each command on a separate line, as shown in the field.

Click the Run Fix button. Confirm with OK on the message saying that a system restart is required.

Let the system boot in normal mode and see whether the problem is still there.

After the restart a text log will appear. The same file can be found in C:\_OTL\MovedFiles. Please attach it to your next comment.

After that, start OTL again, create fresh logs (as I described earlier) and attach them too. You can pack all the files into a single archive, or attach them separately.


All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\trfnnmNFIoGhaDl.exe deleted successfully.

C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\bandoo\bndhook.dll deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully.

C:\Documents and Settings\TR45\Start Menu\Programs\System Restore folder moved successfully.

C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP moved successfully.

C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr moved successfully.

C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.

C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP moved successfully.

C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk moved successfully.

C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr moved successfully.

C:\Documents and Settings\TR45\Desktop\System Restore.lnk moved successfully.

C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk moved successfully.

File C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe not found.

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51:Files .

========== REGISTRY ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56502 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: TR45

->Temp folder emptied: 11253355 bytes

->Temporary Internet Files folder emptied: 9713253 bytes

->Flash cache emptied: 143128 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 471113 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 18091 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 23,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_131037

Files\Folders moved on Reboot...

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\HLPQID8E\ac3[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\HLPQID8E\dir_bg[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\G4SQWH2V\27-компютърна-сигурност-и-защита-от-зловреден-код[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\3012KB1R\13866-virus-system-restore-ми-блокира-тотално-компа-help[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\3012KB1R\ac3[2].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\3012KB1R\fastbutton[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

 

OTL logfile created on: 29.10.2011 г. 17:57:03 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TR45\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

 

1,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,28% Memory free

3,84 Gb Paging File | 3,38 Gb Available in Paging File | 87,93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 28,78 Gb Free Space | 77,25% Space Free | Partition Type: NTFS

Drive D: | 111,79 Gb Total Space | 77,72 Gb Free Space | 69,52% Space Free | Partition Type: NTFS

 

Computer Name: HOME-F8D6E85E47 | User Name: TR45 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

PRC - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

PRC - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

PRC - [2011.07.07 20:44:25 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.04.21 07:54:05 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.04.21 07:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.04.21 07:53:33 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.12.28 20:28:14 | 000,561,263 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe

PRC - [2009.09.21 21:48:44 | 000,499,796 | -H-- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe

PRC - [2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

MOD - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

MOD - [2011.05.28 22:04:56 | 000,140,288 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010.07.05 00:32:38 | 000,010,752 | -H-- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2010.06.17 15:27:22 | 000,355,688 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2010.01.21 01:20:18 | 000,278,528 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll

MOD - [2010.01.05 19:56:02 | 000,163,840 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll

MOD - [2009.12.28 21:43:44 | 000,077,824 | -H-- | M] () -- C:\WINDOWS\system32\wgapiloc.dll

MOD - [2009.12.28 20:28:14 | 000,561,263 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe

MOD - [2009.12.28 20:28:00 | 000,422,000 | -H-- | M] () -- C:\WINDOWS\system32\wgapi.dll

MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (Bandoo Coordinator)

SRV - [2011.08.31 17:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.07 20:44:25 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.21 07:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.09.21 21:48:44 | 000,499,796 | -H-- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011.07.07 20:44:27 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.07 20:44:27 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.06.17 15:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.17 15:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010.01.05 06:31:32 | 001,714,176 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)

DRV - [2009.09.21 21:49:12 | 000,058,208 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)

DRV - [2009.03.25 15:40:52 | 001,392,498 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008.04.14 11:26:08 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008.04.14 11:23:10 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2006.09.24 16:28:46 | 000,005,248 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2004.08.04 01:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2001.08.23 15:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001.08.23 15:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2001.08.18 00:51:32 | 000,018,688 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

DRV - [1996.04.03 22:33:26 | 000,005,248 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg/

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,bg-BG;q=0.5

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 56 1C 4F 8D A0 CB 01 [binary data]

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\InprocServer32 File not found

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.intranet.vivacom.bg;*.btk.bg;*.btc.corp;*ad.btk.bg;192.168.*;europe.citidirect-eb.citicorp.com;pbs.btc-net.bg;www.office1.bg;us.citidirect.citicorp.com;face.oeticket.com*;netact.vivatel.bg;crl.btc.bg;aia.btc.bg;ssa.vivacom.bg;<local>

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.btk.bg:80

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2001.08.23 15:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found

O4 - HKLM..\Run: [trfnnmNFIoGhaDl.exe] C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe ()

O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()

O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: &С&валяне &с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &С&валяне на всички с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9D17E1-2F5C-4F60-A7A0-F170BCC9965B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEDE183-4CA0-4B16-98FE-09E8314A5FF8}: DhcpNameServer = 10.209.249.130 10.16.168.11

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - Unable to obtain root file information for disk D:\

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

========== Files/Folders - Created Within 90 Days ==========

 

[2011.10.29 17:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Recent

[2011.10.29 17:53:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore

[2011.09.29 21:44:08 | 000,607,260 | RH-- | C] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr

[2011.09.29 21:19:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Malwarebytes

[2011.09.29 21:19:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.29 21:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011.09.29 21:19:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.09.21 19:14:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Copy of Favorites

[2011.09.18 01:05:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011.09.03 21:21:51 | 000,135,168 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll

[2011.09.03 21:20:24 | 000,061,440 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4396.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll

[2011.09.03 21:20:22 | 000,114,688 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll

[2011.09.01 18:02:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011.08.25 20:13:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero

[2011.08.25 20:11:20 | 000,125,184 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys

[2011.08.25 20:11:20 | 000,005,504 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys

[2011.08.25 20:11:01 | 000,106,496 | -H-- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll

[2011.08.25 20:11:00 | 000,155,648 | -H-- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe

[2011.08.25 20:11:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Ahead

[2011.08.25 20:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Ahead.NERO.6

[2011.08.24 21:53:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Nero

[2011.08.24 21:50:10 | 000,000,000 | -H-D | C] -- C:\Program Files\AskTBar

[2011.08.24 21:49:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Windows Sidebar

[2011.08.24 21:31:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Nero

[2011.08.24 17:13:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FlashGet Network

[2011.08.23 12:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\PriceGong

[2011.08.23 00:08:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Ashampoo

[2011.08.23 00:08:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\MyAshampoo

[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\ashampoo

[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited

[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011.08.06 15:45:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\facemoods.com

[2011.08.06 15:38:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape

[2011.08.06 15:37:45 | 000,000,000 | -H-D | C] -- C:\Program Files\PhotoScape

[2011.08.06 15:37:38 | 000,000,000 | -H-D | C] -- C:\Program Files\facemoods.com

[2011.08.06 15:02:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Conduit

[2011.08.06 15:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo

[2011.08.06 14:30:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Adobe Photoshop CS5.1

[2011.08.06 14:29:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\CS5.5 Master Collection

[2011.08.06 14:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant

[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Xenocode

[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Xenocode

[2011.08.06 14:22:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\High Quality Photo Resizer

[2011.08.06 14:22:27 | 000,000,000 | -H-D | C] -- C:\Program Files\High Quality Photo Resizer

[2011.08.06 14:18:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\FoxTab PDF Converter

[2011.08.06 14:18:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Uninstall

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\lib

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Babylon

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Images

[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Babylon

[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\fonts

[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\DriverFiles

[2011.08.01 21:57:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Proxy+

[2011.08.01 21:56:00 | 000,000,000 | -H-D | C] -- C:\Program Files\ProxyPlus

[2011.01.24 10:48:39 | 000,050,688 | -H-- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

[2011.01.09 10:53:01 | 009,496,056 | -H-- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe

[2011.01.01 22:45:37 | 009,991,264 | -H-- | C] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe

[2010.12.23 04:08:24 | 005,193,608 | -H-- | C] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe

[2010.12.12 00:49:52 | 167,043,896 | -H-- | C] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

[2011.10.29 17:52:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.29 17:43:31 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.10.29 17:43:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job

[2011.10.28 23:42:34 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 22:22:01 | 000,000,982 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011.10.28 20:43:09 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk

[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.10.28 20:40:24 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.10.28 14:52:46 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.29 21:44:39 | 000,607,260 | RH-- | M] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr

[2011.09.16 14:11:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\System32\secustat.dat

[2011.09.16 14:11:16 | 000,001,477 | -H-- | M] () -- C:\WINDOWS\System32\secushr.dat

[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav

[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip

[2011.08.24 21:49:05 | 000,004,767 | -H-- | M] () -- C:\WINDOWS\Irremote.ini

[2011.08.23 19:44:53 | 000,000,759 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011.10.29 17:32:14 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:32:14 | 000,000,088 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.28 23:42:30 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011.10.28 23:15:41 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 20:43:13 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:43:13 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011.10.28 20:43:09 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk

[2011.10.28 20:43:05 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2011.10.28 20:40:32 | 000,402,832 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.09.23 14:57:57 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.09.03 21:19:57 | 000,524,850 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa

[2011.09.03 21:19:57 | 000,000,929 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.vp

[2011.08.26 14:32:24 | 000,003,017 | -H-- | C] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

[2011.08.26 13:05:14 | 009,032,303 | -H-- | C] () -- C:\Program Files\partition_magic_demo_8.zip

[2011.08.24 21:49:05 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini

[2011.08.23 19:44:53 | 000,000,759 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk

[2011.08.06 14:18:42 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2011.07.10 18:11:07 | 000,000,072 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini

[2011.07.06 18:19:14 | 001,375,018 | -H-- | C] () -- C:\Program Files\EasyBCD 2.0.2.exe

[2011.06.24 19:48:59 | 001,524,112 | -H-- | C] () -- C:\WINDOWS\System32\bandoolmx.dll

[2011.04.27 21:04:20 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

[2011.04.08 19:18:33 | 000,175,616 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011.04.08 19:18:32 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\avisplitter.ini

[2011.04.08 19:18:29 | 000,631,808 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011.04.08 19:18:29 | 000,243,200 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011.04.08 19:18:28 | 000,080,896 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011.02.07 00:28:54 | 001,252,984 | -H-- | C] () -- C:\Program Files\Google Updater.exe

[2011.01.24 09:19:00 | 000,001,477 | -H-- | C] () -- C:\WINDOWS\System32\secushr.dat

[2011.01.23 11:42:18 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\System32\secustat.dat

[2011.01.23 07:41:21 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\libem.INI

[2011.01.09 10:52:21 | 000,028,672 | -H-- | C] () -- C:\Program Files\generat.exe

[2011.01.03 09:20:45 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010.12.30 10:04:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.12.25 03:03:09 | 000,262,216 | -H-- | C] () -- C:\WINDOWS\System32\IPTests.dll

[2010.12.25 03:02:57 | 000,422,000 | -H-- | C] () -- C:\WINDOWS\System32\wgapi.dll

[2010.12.25 03:02:57 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\wgapiloc.dll

[2010.12.25 02:27:21 | 000,001,362 | -H-- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2010.12.24 19:59:09 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.12.12 01:43:57 | 000,021,504 | -H-- | C] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.12.10 21:18:24 | 000,204,800 | RH-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2010.12.10 21:05:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.12.10 21:00:11 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010.12.10 12:55:04 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.12.10 12:53:57 | 000,189,792 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004.08.04 02:07:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004.08.04 01:56:44 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004.08.04 01:56:44 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004.08.04 01:56:44 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004.08.04 01:56:44 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004.08.04 01:56:44 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004.08.02 15:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2003.01.07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001.08.23 15:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001.08.23 15:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001.08.23 15:00:00 | 000,399,964 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001.08.23 15:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001.08.23 15:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001.08.23 15:00:00 | 000,060,376 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001.08.23 15:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2001.08.23 15:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001.08.23 15:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001.08.23 15:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[1996.04.03 22:33:26 | 000,005,248 | -H-- | C] () -- C:\WINDOWS\System32\giveio.sys

 

========== LOP Check ==========

 

[2011.08.23 00:07:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2011.08.06 14:18:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2011.06.24 19:49:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo

[2011.06.24 19:47:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2010.12.27 03:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure

[2010.12.27 03:40:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2011.04.26 19:23:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010.12.25 03:03:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK

[2011.08.23 00:14:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Ashampoo

[2011.08.06 14:18:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Babylon

[2010.12.11 20:51:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BabylonToolbar

[2011.08.28 19:19:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BitComet

[2011.09.16 14:11:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BITS

[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited

[2011.06.18 09:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant

[2010.12.23 04:09:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\DriverCure

[2011.08.06 15:45:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\facemoods.com

[2011.01.23 07:41:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGet

[2011.04.26 22:21:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGetBHO

[2011.08.26 13:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo

[2010.12.23 04:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\ParetoLogic

[2011.08.06 15:39:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PhotoScape

[2011.08.23 12:50:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PriceGong

[2011.06.24 19:47:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\searchqutoolbar

[2010.12.23 19:43:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\URSoft

[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT

[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS

[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011.01.03 08:17:31 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011.10.29 17:43:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

 

< %USERPROFILE%\*.* >

[2011.06.20 14:56:01 | 000,010,745 | -H-- | M] () -- C:\Documents and Settings\TR45\.recently-used.xbel

[2011.04.08 17:54:51 | 000,014,439 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent

[2011.04.22 13:40:32 | 000,000,488 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent.filelist

[2011.10.29 17:42:35 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat

[2011.10.29 17:58:29 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat.LOG

[2011.10.29 17:42:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\TR45\ntuser.ini

 

< %USERPROFILE%\Application Data\*.* >

[2011.07.20 18:21:55 | 000,000,072 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini

[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\TR45\Application Data\desktop.ini

 

< %USERPROFILE%\Local Settings\Application Data\*.* >

[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.11 14:14:21 | 000,042,944 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2011.10.29 17:42:19 | 004,798,288 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\IconCache.db

 

< %AllUsersProfile%\*.* >

 

< %AllUsersProfile%\Application Data\*.* >

[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

 

< %USERPROFILE%\My Documents\*.* >

[2010.12.27 05:18:33 | 000,025,521 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\bookmark.htm

[2007.06.19 16:41:44 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\cc2.db3

[2011.09.27 14:23:13 | 000,042,496 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\checking file system on c-IBM.doc

[2011.07.06 20:20:55 | 000,240,640 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Cyra.exe

[2010.12.10 21:45:43 | 000,000,075 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\desktop.ini

[2010.11.29 14:52:42 | 000,052,736 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPDFConverter.exe

[2011.02.18 18:22:36 | 000,199,168 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ftpdf_inst.exe

[2010.11.29 15:08:12 | 000,078,336 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPrintInstallDll.dll

[2007.08.26 16:14:44 | 003,702,784 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\gsdll32.dll

[2011.09.26 09:21:41 | 000,077,824 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\HULDA KLARK.for_all_cancers.doc

[2011.07.05 18:41:00 | 002,897,688 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Icom IC-746 Pro Service Manual.mht

[2011.06.19 13:10:33 | 000,126,695 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\imelititrqbwapyksehapffff.xcf

[2011.09.26 09:22:07 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\prostate_problem.doc

[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav

[2011.06.06 15:11:52 | 000,026,624 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\Thumbs.db

[2011.03.04 23:58:46 | 000,056,099 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ultravox.shtml

[2011.08.28 13:56:39 | 000,000,053 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\winxp32.txt

[2011.07.20 16:45:42 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.билинг.11.xls

[2011.07.20 16:47:58 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.РУД.11.xls

[2011.07.20 16:38:22 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.ТРД.11.xls

[2011.07.20 16:15:46 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Дим-гр.11г.xls

[2011.07.20 16:13:10 | 000,166,912 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Х-ли.11г.xls

[2011.07.19 16:07:01 | 000,184,320 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Д-град.xls

[2011.07.19 16:05:29 | 000,184,832 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Харманли.xls

[2011.08.22 18:37:15 | 000,024,576 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\МОИ ПРОГРАМИ.doc

[2011.07.09 16:34:40 | 000,034,304 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ОК.отр време полугодие.xls

 

< %CommonProgramFiles%\*.* >

 

< %PROGRAMFILES%\*.* >

[2011.01.24 10:48:42 | 000,050,688 | -H-- | M] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

[2010.12.12 00:49:55 | 167,043,896 | -H-- | M] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe

[2011.01.01 22:44:53 | 009,991,264 | -H-- | M] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe

[2011.07.06 18:19:17 | 001,375,018 | -H-- | M] () -- C:\Program Files\EasyBCD 2.0.2.exe

[2010.05.26 00:42:46 | 000,028,672 | -H-- | M] () -- C:\Program Files\generat.exe

[2011.02.07 00:29:02 | 001,252,984 | -H-- | M] () -- C:\Program Files\Google Updater.exe

[2010.12.23 04:08:35 | 005,193,608 | -H-- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe

[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip

[2010.01.23 02:09:10 | 009,496,056 | -H-- | M] (Google Inc.) -- C:\Program Files\picasa3-setup.exe

[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

 

< %systemroot%\system32\*.dll /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2003.06.18 17:31:48 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

 

 

< MD5 for: EXPLORER.EXE >

[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004.08.04 01:56:50 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

 

< MD5 for: USERINIT.EXE >

[2004.08.04 01:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys

[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

[2004.08.04 00:00:18 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

 

< MD5 for: WINLOGON.EXE >

[2004.08.04 01:56:58 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >

This time only one table came out.


No change. Did I perhaps mess something up?


Download OTL and save it to the desktop:

- start the tool;

- tick Scan All Users at the top;

- in the Standard Registry field select All;

- from the File Age drop-down menu select 90 Days;

- also tick: Skip Microsoft Files, LOP Check and Purity Check;

- in the Custom Scans/Fixes field (at the bottom of the program) paste the following text (select it, press Ctrl+C, then press Ctrl+V in the OTL field):

netsvcs
netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

- click the Run Scan button;

Wait for the scan to finish. When the scan ends, the two newly created files on the desktop, OTL.txt and Extras.txt, will open automatically.


Please attach these two files (separately or in an archive) to your next reply.


I followed these instructions. I seem to be going wrong somewhere; please tell me where.


Yes, I'm sure, but just in case I'll repeat them and post.

Here is what I did:

First I carried out the instructions in your post number 8, ticking the boxes as indicated in your post number 3. I posted the result; you can see it has a different heading.

After that I carried out the instructions in your post number 3 exactly and posted the result that came out. There was only one, the OTL one, unlike the first time.

There was no change on the computer.

Did I do it correctly, and if I made a mistake, where is it?


OTL logfile created on: 29.10.2011 г. 17:57:03 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TR45\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

 

1,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,28% Memory free

3,84 Gb Paging File | 3,38 Gb Available in Paging File | 87,93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 28,78 Gb Free Space | 77,25% Space Free | Partition Type: NTFS

Drive D: | 111,79 Gb Total Space | 77,72 Gb Free Space | 69,52% Space Free | Partition Type: NTFS

 

Computer Name: HOME-F8D6E85E47 | User Name: TR45 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

PRC - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

PRC - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

PRC - [2011.07.07 20:44:25 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.04.21 07:54:05 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.04.21 07:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.04.21 07:53:33 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.12.28 20:28:14 | 000,561,263 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe

PRC - [2009.09.21 21:48:44 | 000,499,796 | -H-- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe

PRC - [2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

MOD - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

MOD - [2011.05.28 22:04:56 | 000,140,288 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010.07.05 00:32:38 | 000,010,752 | -H-- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2010.06.17 15:27:22 | 000,355,688 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2010.01.21 01:20:18 | 000,278,528 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll

MOD - [2010.01.05 19:56:02 | 000,163,840 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll

MOD - [2009.12.28 21:43:44 | 000,077,824 | -H-- | M] () -- C:\WINDOWS\system32\wgapiloc.dll

MOD - [2009.12.28 20:28:14 | 000,561,263 | -H-- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe

MOD - [2009.12.28 20:28:00 | 000,422,000 | -H-- | M] () -- C:\WINDOWS\system32\wgapi.dll

MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (Bandoo Coordinator)

SRV - [2011.08.31 17:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.07 20:44:25 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.21 07:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.09.21 21:48:44 | 000,499,796 | -H-- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011.07.07 20:44:27 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.07 20:44:27 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.06.17 15:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.17 15:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010.01.05 06:31:32 | 001,714,176 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)

DRV - [2009.09.21 21:49:12 | 000,058,208 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)

DRV - [2009.03.25 15:40:52 | 001,392,498 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008.04.14 11:26:08 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008.04.14 11:23:10 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2006.09.24 16:28:46 | 000,005,248 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2004.08.04 01:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2001.08.23 15:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001.08.23 15:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2001.08.18 00:51:32 | 000,018,688 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

DRV - [1996.04.03 22:33:26 | 000,005,248 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg/

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,bg-BG;q=0.5

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 56 1C 4F 8D A0 CB 01 [binary data]

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\InprocServer32 File not found

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.intranet.vivacom.bg;*.btk.bg;*.btc.corp;*ad.btk.bg;192.168.*;europe.citidirect-eb.citicorp.com;pbs.btc-net.bg;www.office1.bg;us.citidirect.citicorp.com;face.oeticket.com*;netact.vivatel.bg;crl.btc.bg;aia.btc.bg;ssa.vivacom.bg;<local>

IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.btk.bg:80

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2001.08.23 15:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found

O4 - HKLM..\Run: [trfnnmNFIoGhaDl.exe] C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe ()

O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()

O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: &С&валяне &с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &С&валяне на всички с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9D17E1-2F5C-4F60-A7A0-F170BCC9965B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEDE183-4CA0-4B16-98FE-09E8314A5FF8}: DhcpNameServer = 10.209.249.130 10.16.168.11

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - Unable to obtain root file information for disk D:\

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

========== Files/Folders - Created Within 90 Days ==========

 

[2011.10.29 17:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Recent

[2011.10.29 17:53:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore

[2011.09.29 21:44:08 | 000,607,260 | RH-- | C] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr

[2011.09.29 21:19:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Malwarebytes

[2011.09.29 21:19:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.29 21:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011.09.29 21:19:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.09.21 19:14:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Copy of Favorites

[2011.09.18 01:05:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011.09.03 21:21:51 | 000,135,168 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll

[2011.09.03 21:20:24 | 000,061,440 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4396.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll

[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll

[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll

[2011.09.03 21:20:22 | 000,114,688 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll

[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll

[2011.09.01 18:02:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011.08.25 20:13:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero

[2011.08.25 20:11:20 | 000,125,184 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys

[2011.08.25 20:11:20 | 000,005,504 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys

[2011.08.25 20:11:01 | 000,106,496 | -H-- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll

[2011.08.25 20:11:00 | 000,155,648 | -H-- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe

[2011.08.25 20:11:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Ahead

[2011.08.25 20:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Ahead.NERO.6

[2011.08.24 21:53:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Nero

[2011.08.24 21:50:10 | 000,000,000 | -H-D | C] -- C:\Program Files\AskTBar

[2011.08.24 21:49:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Windows Sidebar

[2011.08.24 21:31:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Nero

[2011.08.24 17:13:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FlashGet Network

[2011.08.23 12:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\PriceGong

[2011.08.23 00:08:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Ashampoo

[2011.08.23 00:08:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\MyAshampoo

[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\ashampoo

[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited

[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011.08.06 15:45:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\facemoods.com

[2011.08.06 15:38:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape

[2011.08.06 15:37:45 | 000,000,000 | -H-D | C] -- C:\Program Files\PhotoScape

[2011.08.06 15:37:38 | 000,000,000 | -H-D | C] -- C:\Program Files\facemoods.com

[2011.08.06 15:02:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Conduit

[2011.08.06 15:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo

[2011.08.06 14:30:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Adobe Photoshop CS5.1

[2011.08.06 14:29:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\CS5.5 Master Collection

[2011.08.06 14:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant

[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Xenocode

[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Xenocode

[2011.08.06 14:22:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\High Quality Photo Resizer

[2011.08.06 14:22:27 | 000,000,000 | -H-D | C] -- C:\Program Files\High Quality Photo Resizer

[2011.08.06 14:18:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\FoxTab PDF Converter

[2011.08.06 14:18:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Uninstall

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\lib

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Babylon

[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Images

[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Babylon

[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\fonts

[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\DriverFiles

[2011.08.01 21:57:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Proxy+

[2011.08.01 21:56:00 | 000,000,000 | -H-D | C] -- C:\Program Files\ProxyPlus

[2011.01.24 10:48:39 | 000,050,688 | -H-- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

[2011.01.09 10:53:01 | 009,496,056 | -H-- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe

[2011.01.01 22:45:37 | 009,991,264 | -H-- | C] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe

[2010.12.23 04:08:24 | 005,193,608 | -H-- | C] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe

[2010.12.12 00:49:52 | 167,043,896 | -H-- | C] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe

[2011.10.29 17:52:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.29 17:43:31 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.10.29 17:43:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job

[2011.10.28 23:42:34 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 22:22:01 | 000,000,982 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011.10.28 20:43:09 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk

[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.10.28 20:40:24 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.10.28 14:52:46 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.29 21:44:39 | 000,607,260 | RH-- | M] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr

[2011.09.16 14:11:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\System32\secustat.dat

[2011.09.16 14:11:16 | 000,001,477 | -H-- | M] () -- C:\WINDOWS\System32\secushr.dat

[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav

[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip

[2011.08.24 21:49:05 | 000,004,767 | -H-- | M] () -- C:\WINDOWS\Irremote.ini

[2011.08.23 19:44:53 | 000,000,759 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011.10.29 17:32:14 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:32:14 | 000,000,088 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.28 23:42:30 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011.10.28 23:15:41 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 20:43:13 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:43:13 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011.10.28 20:43:09 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk

[2011.10.28 20:43:05 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2011.10.28 20:40:32 | 000,402,832 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.09.23 14:57:57 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.09.03 21:19:57 | 000,524,850 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa

[2011.09.03 21:19:57 | 000,000,929 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.vp

[2011.08.26 14:32:24 | 000,003,017 | -H-- | C] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

[2011.08.26 13:05:14 | 009,032,303 | -H-- | C] () -- C:\Program Files\partition_magic_demo_8.zip

[2011.08.24 21:49:05 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini

[2011.08.23 19:44:53 | 000,000,759 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk

[2011.08.06 14:18:42 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2011.07.10 18:11:07 | 000,000,072 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini

[2011.07.06 18:19:14 | 001,375,018 | -H-- | C] () -- C:\Program Files\EasyBCD 2.0.2.exe

[2011.06.24 19:48:59 | 001,524,112 | -H-- | C] () -- C:\WINDOWS\System32\bandoolmx.dll

[2011.04.27 21:04:20 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

[2011.04.08 19:18:33 | 000,175,616 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011.04.08 19:18:32 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\avisplitter.ini

[2011.04.08 19:18:29 | 000,631,808 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011.04.08 19:18:29 | 000,243,200 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011.04.08 19:18:28 | 000,080,896 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011.02.07 00:28:54 | 001,252,984 | -H-- | C] () -- C:\Program Files\Google Updater.exe

[2011.01.24 09:19:00 | 000,001,477 | -H-- | C] () -- C:\WINDOWS\System32\secushr.dat

[2011.01.23 11:42:18 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\System32\secustat.dat

[2011.01.23 07:41:21 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\libem.INI

[2011.01.09 10:52:21 | 000,028,672 | -H-- | C] () -- C:\Program Files\generat.exe

[2011.01.03 09:20:45 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010.12.30 10:04:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.12.25 03:03:09 | 000,262,216 | -H-- | C] () -- C:\WINDOWS\System32\IPTests.dll

[2010.12.25 03:02:57 | 000,422,000 | -H-- | C] () -- C:\WINDOWS\System32\wgapi.dll

[2010.12.25 03:02:57 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\wgapiloc.dll

[2010.12.25 02:27:21 | 000,001,362 | -H-- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2010.12.24 19:59:09 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.12.12 01:43:57 | 000,021,504 | -H-- | C] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.12.10 21:18:24 | 000,204,800 | RH-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2010.12.10 21:05:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.12.10 21:00:11 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010.12.10 12:55:04 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.12.10 12:53:57 | 000,189,792 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004.08.04 02:07:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004.08.04 01:56:44 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004.08.04 01:56:44 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004.08.04 01:56:44 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004.08.04 01:56:44 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004.08.04 01:56:44 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004.08.02 15:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2003.01.07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001.08.23 15:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001.08.23 15:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001.08.23 15:00:00 | 000,399,964 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001.08.23 15:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001.08.23 15:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001.08.23 15:00:00 | 000,060,376 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001.08.23 15:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2001.08.23 15:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001.08.23 15:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001.08.23 15:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[1996.04.03 22:33:26 | 000,005,248 | -H-- | C] () -- C:\WINDOWS\System32\giveio.sys

 

========== LOP Check ==========

 

[2011.08.23 00:07:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2011.08.06 14:18:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2011.06.24 19:49:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo

[2011.06.24 19:47:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2010.12.27 03:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure

[2010.12.27 03:40:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2011.04.26 19:23:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010.12.25 03:03:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK

[2011.08.23 00:14:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Ashampoo

[2011.08.06 14:18:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Babylon

[2010.12.11 20:51:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BabylonToolbar

[2011.08.28 19:19:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BitComet

[2011.09.16 14:11:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BITS

[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited

[2011.06.18 09:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant

[2010.12.23 04:09:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\DriverCure

[2011.08.06 15:45:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\facemoods.com

[2011.01.23 07:41:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGet

[2011.04.26 22:21:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGetBHO

[2011.08.26 13:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo

[2010.12.23 04:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\ParetoLogic

[2011.08.06 15:39:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PhotoScape

[2011.08.23 12:50:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PriceGong

[2011.06.24 19:47:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\searchqutoolbar

[2010.12.23 19:43:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\URSoft

[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT

[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS

[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011.01.03 08:17:31 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011.10.29 17:43:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

 

< %USERPROFILE%\*.* >

[2011.06.20 14:56:01 | 000,010,745 | -H-- | M] () -- C:\Documents and Settings\TR45\.recently-used.xbel

[2011.04.08 17:54:51 | 000,014,439 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent

[2011.04.22 13:40:32 | 000,000,488 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent.filelist

[2011.10.29 17:42:35 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat

[2011.10.29 17:58:29 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat.LOG

[2011.10.29 17:42:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\TR45\ntuser.ini

 

< %USERPROFILE%\Application Data\*.* >

[2011.07.20 18:21:55 | 000,000,072 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini

[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\TR45\Application Data\desktop.ini

 

< %USERPROFILE%\Local Settings\Application Data\*.* >

[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.11 14:14:21 | 000,042,944 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2011.10.29 17:42:19 | 004,798,288 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\IconCache.db

 

< %AllUsersProfile%\*.* >

 

< %AllUsersProfile%\Application Data\*.* >

[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP

[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe

[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe

[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP

[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr

[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

 

< %USERPROFILE%\My Documents\*.* >

[2010.12.27 05:18:33 | 000,025,521 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\bookmark.htm

[2007.06.19 16:41:44 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\cc2.db3

[2011.09.27 14:23:13 | 000,042,496 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\checking file system on c-IBM.doc

[2011.07.06 20:20:55 | 000,240,640 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Cyra.exe

[2010.12.10 21:45:43 | 000,000,075 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\desktop.ini

[2010.11.29 14:52:42 | 000,052,736 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPDFConverter.exe

[2011.02.18 18:22:36 | 000,199,168 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ftpdf_inst.exe

[2010.11.29 15:08:12 | 000,078,336 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPrintInstallDll.dll

[2007.08.26 16:14:44 | 003,702,784 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\gsdll32.dll

[2011.09.26 09:21:41 | 000,077,824 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\HULDA KLARK.for_all_cancers.doc

[2011.07.05 18:41:00 | 002,897,688 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Icom IC-746 Pro Service Manual.mht

[2011.06.19 13:10:33 | 000,126,695 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\imelititrqbwapyksehapffff.xcf

[2011.09.26 09:22:07 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\prostate_problem.doc

[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav

[2011.06.06 15:11:52 | 000,026,624 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\Thumbs.db

[2011.03.04 23:58:46 | 000,056,099 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ultravox.shtml

[2011.08.28 13:56:39 | 000,000,053 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\winxp32.txt

[2011.07.20 16:45:42 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.билинг.11.xls

[2011.07.20 16:47:58 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.РУД.11.xls

[2011.07.20 16:38:22 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.ТРД.11.xls

[2011.07.20 16:15:46 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Дим-гр.11г.xls

[2011.07.20 16:13:10 | 000,166,912 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Х-ли.11г.xls

[2011.07.19 16:07:01 | 000,184,320 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Д-град.xls

[2011.07.19 16:05:29 | 000,184,832 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Харманли.xls

[2011.08.22 18:37:15 | 000,024,576 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\МОИ ПРОГРАМИ.doc

[2011.07.09 16:34:40 | 000,034,304 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ОК.отр време полугодие.xls

 

< %CommonProgramFiles%\*.* >

 

< %PROGRAMFILES%\*.* >

[2011.01.24 10:48:42 | 000,050,688 | -H-- | M] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

[2010.12.12 00:49:55 | 167,043,896 | -H-- | M] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe

[2011.01.01 22:44:53 | 009,991,264 | -H-- | M] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe

[2011.07.06 18:19:17 | 001,375,018 | -H-- | M] () -- C:\Program Files\EasyBCD 2.0.2.exe

[2010.05.26 00:42:46 | 000,028,672 | -H-- | M] () -- C:\Program Files\generat.exe

[2011.02.07 00:29:02 | 001,252,984 | -H-- | M] () -- C:\Program Files\Google Updater.exe

[2010.12.23 04:08:35 | 005,193,608 | -H-- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe

[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip

[2010.01.23 02:09:10 | 009,496,056 | -H-- | M] (Google Inc.) -- C:\Program Files\picasa3-setup.exe

[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent

 

< %systemroot%\system32\*.dll /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2003.06.18 17:31:48 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

 

 

< MD5 for: EXPLORER.EXE >

[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004.08.04 01:56:50 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

 

< MD5 for: USERINIT.EXE >

[2004.08.04 01:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys

[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

[2004.08.04 00:00:18 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

 

< MD5 for: WINLOGON.EXE >

[2004.08.04 01:56:58 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >

 

Only one report

 

The second step follows

 

The second step

 

All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\trfnnmNFIoGhaDl.exe not found.

File C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.

Registry key HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\bandoo\bndhook.dll deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ not found.

Folder C:\Documents and Settings\TR45\Start Menu\Programs\System Restore\ not found.

File C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP not found.

File C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr not found.

File C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.

File C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP not found.

File C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe not found.

File C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk not found.

File C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr not found.

File C:\Documents and Settings\TR45\Desktop\System Restore.lnk not found.

File C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk not found.

File C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe not found.

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51:Files .

========== REGISTRY ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: TR45

->Temp folder emptied: 12818269 bytes

->Temporary Internet Files folder emptied: 11196696 bytes

->Flash cache emptied: 1670 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 424313151 bytes

 

Total Files Cleaned = 428,00 mb

 

Error: Unable to interpret <[reboot> in the current context!

 

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_190228

Files\Folders moved on Reboot...

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\CBCKORCJ\ac3[4].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\84DALTFN\13866-virus-system-restore-ми-блокира-тотално-компа-help[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\84DALTFN\ac3[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\84DALTFN\ac3[2].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\84DALTFN\ac3[3].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\51WK2W99\ac3[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\51WK2W99\fastbutton[1].htm moved successfully.

C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

 

I report that the nasty thing is now gone after the second deletion of some of the listed files.

But the damage it did remains, for example:

- my Favorites disappeared; no big deal, I will add them back from the other computer

- all programs disappeared from All Programs in the Start menu; I tried, but I don't have the strength, please help

- I fixed the desktop, it has my picture again, but I can't take it from My Pictures, and there's something there too

- the pictures in My Pictures show at the lowest resolution, you simply can't tell what a picture is until you open it, but when I click on one it displays fine; I poked around everywhere and could not fix the problem.

 

For now I haven't found anything else; it's clear there's a lot of damage, but I haven't found it yet.

Please help.

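Reading an OTL fix log like the one pasted above takes some care: "not found" means the item was already gone when OTL ran (here, most likely removed by the earlier Malwarebytes runs), while the lines that actually changed the system are the two "deleted successfully" entries and the one alternate data stream OTL could not remove. The following is an added example, not OTL's own code and not from the original post, that parses the log's line formats and reports what was actually actioned. The sample lines are constructed from the thread's log; the persistence-category labels are this example's own assumptions.

```python
"""Parse an OTL fix log and report what was actually changed.

Added example (not part of OTL or of the original post). The sample below is
constructed from lines in the same format as the log posted in the thread.
"""
import re
from collections import Counter

# Constructed sample in OTL's fix-log format (targets taken from the thread's log).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\trfnnmNFIoGhaDl.exe not found.
File C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe not found.
Registry key HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\bandoo\bndhook.dll deleted successfully.
Folder C:\Documents and Settings\TR45\Start Menu\Programs\System Restore\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51:Files .
Error: Unable to interpret <[reboot> in the current context!
"""

# Line shapes OTL writes for registry/file actions, failed ADS removal, and errors.
ACTION_RE = re.compile(
    r"^(Registry key|Registry value|File|Folder) (.+?) (not found|deleted successfully)\.$"
)
ADS_RE = re.compile(r"^Unable to delete ADS (.+?)\s*\.$")
ERROR_RE = re.compile(r"^Error: (.+)$")

# Assumed labels for the persistence locations seen in the log (first match wins).
CATEGORIES = [
    ("Browser Helper Objects", "IE BHO"),
    ("Internet Explorer\\Toolbar", "IE toolbar"),
    ("AppInit_Dlls", "AppInit_DLLs injection"),
    ("CurrentVersion\\Run\\", "Run key autostart"),
    ("policies\\System", "System policy (e.g. DisableTaskMgr)"),
    ("policies\\Explorer", "Explorer policy (e.g. NoDesktop)"),
    ("Policies\\Microsoft\\Internet Explorer", "IE policy"),
    ("MSConfig\\StartUpReg", "msconfig disabled-startup record"),
    ("Classes\\CLSID", "COM class registration"),
]


def parse_otl_fix_log(text):
    """Return a list of {kind, target, status} dicts, one per recognised log line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ACTION_RE.match(line)
        if m:
            kind, target, outcome = m.groups()
            status = "deleted" if outcome.startswith("deleted") else "not found"
            entries.append({"kind": kind, "target": target, "status": status})
            continue
        m = ADS_RE.match(line)
        if m:  # an alternate data stream OTL tried to remove and could not
            entries.append({"kind": "ADS", "target": m.group(1), "status": "failed"})
            continue
        m = ERROR_RE.match(line)
        if m:  # a directive OTL could not interpret (e.g. a malformed [reboot])
            entries.append({"kind": "Error", "target": m.group(1), "status": "error"})
    return entries


def persistence_category(target):
    """Map a registry target to an assumed persistence category label."""
    t = target.lower()
    for needle, label in CATEGORIES:
        if needle.lower() in t:
            return label
    return "other"


def summarize(entries):
    """Count entries by (kind, status), e.g. ('Registry key', 'deleted')."""
    return Counter((e["kind"], e["status"]) for e in entries)


def needs_attention(entries):
    """Entries that changed the system or could not be actioned (worth re-checking)."""
    return [e for e in entries if e["status"] in ("deleted", "failed", "error")]


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    for (kind, status), n in sorted(summarize(parsed).items()):
        print(f"{kind:15s} {status:10s} {n}")
    for e in needs_attention(parsed):
        print(f"[{e['status']}] {persistence_category(e['target'])}: {e['target']}")
```

Run over the thread's full log the same way, the counts make the picture clear: almost every target was already absent, the real changes were the per-user IE Recovery policy key and the bandoo hook in AppInit_DLLs, and the ADS under All Users\Application Data\TEMP is the one item still worth looking at by hand.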

NEW INFORMATION:

After about an hour of idling, something happened to the computer: with or without reason, it started asking me to send error reports. At the same time I can't open Internet Explorer. After several attempts the computer freezes and asks for a restart. But nothing changes. The antivirus and Malwarebytes show no viruses.

I'm at a dead end now.

I tried to put Google Chrome on a USB stick to install it on the damaged computer; I simply can't, I have no idea how to install this browser.

I'll probably start a reinstall; I at least see no way out.

