Thread: Click.GiftLoad Removal Help!

  1. #21
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    Extras.txt

    OTL Extras logfile created on: 4/27/2011 3:56:14 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lord\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.77 Gb Total Space | 139.77 Gb Free Space | 60.04% Space Free | Partition Type: NTFS

    Computer Name: ALEX | User Name: Lord | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3908872593-1432629759-1091945336-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
    "C:\Program Files\Roxio 2010\Venue\Venue.exe" = C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue -- (Sonic Solutions)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\UniServer\usr\local\mysql\bin\mysqld-opt.exe" = C:\UniServer\usr\local\mysql\bin\mysqld-opt.exe:*:Enabled:mysqld-opt -- ()
    "C:\UniServer\usr\local\apache2\bin\Apache.exe" = C:\UniServer\usr\local\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
    "{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
    "{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
    "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9CBEAEF3-C6BA-4F0F-8DC2-03B12BC8CF2F}" = Remere's Map Editor
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "7-Zip" = 7-Zip 9.10 beta
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "BitTorrent" = BitTorrent
    "CCleaner" = CCleaner
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "ERUNT_is1" = ERUNT 1.1j
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "FileZilla Client" = FileZilla Client 3.4.0
    "GPL Ghostscript 9.00" = GPL Ghostscript 9.00
    "GSview 4.9" = GSview 4.9
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "mIRC" = mIRC
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PCTeXv5_is1" = PCTeX version 5.0
    "PopCap Browser Plugin" = PopCap Browser Plugin
    "RealPlayer 12.0" = RealPlayer
    "SearchAssist" = SearchAssist
    "VLC media player" = VLC media player 1.1.6
    "Web_4.0.1165.0" = Microsoft Expression Web 4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3908872593-1432629759-1091945336-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/22/2011 10:14:49 PM | Computer Name = ALEX | Source = Application Error | ID = 1001
    Description = Fault bucket 1783041387.

    Error - 4/22/2011 10:18:44 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
    Description = Faulting application TDSSKiller.exe, version 2.4.21.0, faulting module
    TDSSKiller.exe, version 2.4.21.0, fault address 0x00056ec9.

    Error - 4/22/2011 10:21:27 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
    Description = Faulting application 123abc.com, version 2.4.21.0, faulting module
    123abc.com, version 2.4.21.0, fault address 0x00056ec9.

    Error - 4/23/2011 10:27:45 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
    Description = Faulting application 123abc.com, version 2.4.21.0, faulting module
    123abc.com, version 2.4.21.0, fault address 0x00056ec9.

    Error - 4/23/2011 12:25:30 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
    Description = Faulting application 123abc.com, version 2.4.21.0, faulting module
    123abc.com, version 2.4.21.0, fault address 0x00056ec9.

    Error - 4/23/2011 12:42:41 PM | Computer Name = ALEX | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 4/25/2011 8:08:42 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
    Description = Faulting application TDSSKiller.exe, version 2.4.21.0, faulting module
    TDSSKiller.exe, version 2.4.21.0, fault address 0x00056ec9.

    Error - 4/25/2011 8:09:56 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
    Description = Faulting application TDSSKiller.exe, version 2.4.21.0, faulting module
    TDSSKiller.exe, version 2.4.21.0, fault address 0x00056ec9.

    Error - 4/25/2011 9:31:42 PM | Computer Name = ALEX | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
    P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 4/27/2011 9:02:41 AM | Computer Name = ALEX | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    [ OSession Events ]
    Error - 11/2/2009 9:29:05 AM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 11/2/2009 9:36:33 AM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 11/15/2009 7:24:39 PM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 12/9/2009 9:20:36 PM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 12/16/2009 6:11:36 PM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 1/8/2010 2:43:33 PM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 2/24/2010 11:32:29 AM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/25/2010 6:34:07 AM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 5/4/2010 6:58:59 AM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 5/15/2010 10:58:34 AM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    [ System Events ]
    Error - 4/20/2011 10:50:46 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:46 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 4/20/2011 10:50:47 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126


    < End of report >

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Double-click CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #23
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11
    ----- EOF -----

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    One more scanner and you will be good to go

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  5. #25
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    No threats found.

    I did a scan with Spybot (I didn't fix the problem). It still finds Click.GiftLoad. I don't get Google redirects anymore and my startup time seems like it's close to normal. I have 8 svchost.exes running (don't know how many there are supposed to be). I feel like Firefox is still slow and unresponsive when first starting up, but other than that things appear to be back to normal.

  6. #26
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You may want to open up Firefox and disable some of your add-ons; you may have one that's causing problems.

    svchost is a normal part of Windows unless it's been disguised as a virus, like the one for Click.Giftload.

    This should remove it

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      
      :Services
      
      :Reg
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
      "svchost.exe"=-
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  7. #27
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe deleted successfully.
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\Lord\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Lord\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : home
    IP Address. . . . . . . . . . . . : 192.168.1.4
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    C:\Documents and Settings\Lord\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Lord\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Lord\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Lord\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65716 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 7235 bytes

    User: Lord
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 57921995 bytes
    ->Flash cache emptied: 13203 bytes

    User: NetworkService
    ->Temp folder emptied: 13942 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 45104 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 889314 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4156438 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 60.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04282011_161725

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_834.dat moved successfully.

    Registry entries deleted on Reboot...

  8. #28
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    Oh, I only have 3 Firefox add-ons. I've tried it a few times now and it's starting to get better.

    OTL logfile created on: 4/28/2011 4:53:45 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lord\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.77 Gb Total Space | 142.50 Gb Free Space | 61.22% Space Free | Partition Type: NTFS

    Computer Name: ALEX | User Name: Lord | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Lord\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Lord\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxWatch11) -- File not found
    SRV - (RoxMediaDB11) -- File not found
    SRV - (RoxLiveShare11) -- File not found
    SRV - (Roxio Upnp Server 11) -- File not found
    SRV - (Roxio UPnP Renderer 11) -- File not found
    SRV - (getPlus(R) Helper) getPlus(R) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- File not found
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()
    SRV - (RoxWatch12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions)
    SRV - (RoxMediaDB12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions)
    SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (c2scsi) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
    DRV - (SaibVd32) -- C:\WINDOWS\system32\drivers\SaibVd32.sys (Sonic Solutions)
    DRV - (SahdIa32) -- C:\WINDOWS\System32\Drivers\SahdIa32.sys (Sonic Solutions)
    DRV - (SaibIa32) -- C:\WINDOWS\System32\Drivers\SaibIa32.sys (Sonic Solutions)
    DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
    DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
    DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080517
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080517


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080517
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080517
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 55273
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.ssl: "localhost"
    FF - prefs.js..network.proxy.ssl_port: 8888
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/21 10:56:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/04/01 11:52:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/21 13:58:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2010/07/09 09:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lord\Application Data\Mozilla\Extensions
    [2011/03/11 10:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lord\Application Data\Mozilla\Firefox\Profiles\ns2o3ouy.default\extensions
    [2010/04/28 15:14:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lord\Application Data\Mozilla\Firefox\Profiles\ns2o3ouy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/12/22 13:45:06 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Documents and Settings\Lord\Application Data\Mozilla\Firefox\Profiles\ns2o3ouy.default\extensions\redshift_V2@shift-themes.com
    [2009/08/01 23:16:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Lord\Application Data\Mozilla\Firefox\Profiles\ns2o3ouy.default\searchplugins\search-the-web.xml
    [2011/04/21 13:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\LORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NS2O3OUY.DEFAULT\EXTENSIONS\{CD6C4EBF-366E-45A0-98B5-B8217288EED7}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\LORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NS2O3OUY.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2010/04/08 06:58:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/04/28 16:17:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\Lord\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\..Trusted Domains: qflix.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\..Trusted Domains: roxio.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
    O15 - HKU\S-1-5-21-3908872593-1432629759-1091945336-1006\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/s...re/awswaxf.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary...n.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zone.msn.com/EN-US/...jolauncher.cab (MJLauncherCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/28 16:17:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/28 08:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/04/28 08:13:20 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Lord\Desktop\esetsmartinstaller_enu.exe
    [2011/04/27 15:55:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lord\Desktop\OTL.exe
    [2011/04/27 09:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/04/27 08:55:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/27 08:54:59 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Lord\Desktop\ATF-Cleaner.exe
    [2011/04/25 21:25:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/25 21:25:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/25 21:25:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/25 21:25:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/25 21:25:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/25 20:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Desktop\tdsskiller
    [2011/04/23 12:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/04/23 12:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/04/23 12:56:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Lord\Desktop\erunt-setup.exe
    [2011/04/22 22:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/22 20:54:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lord\Recent
    [2011/04/22 20:10:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/22 20:06:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/22 13:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\CP-Autos
    [2011/04/22 12:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/04/22 12:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/04/21 18:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/04/21 17:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2011/04/21 17:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
    [2011/04/21 17:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2011/04/21 17:26:20 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2011/04/21 13:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/04/21 12:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Application Data\Malwarebytes
    [2011/04/21 12:27:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/21 12:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/21 12:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/21 12:27:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/21 12:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/21 12:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/04/21 12:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/04/21 12:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/04/21 10:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2011/04/21 10:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/04/20 23:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Local Settings\Application Data\Microsoft Help
    [2011/04/20 23:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2011/04/20 15:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Desktop\(DONE) African Diaspora Mathematics Compendium, Volume 4-ALL LATEX
    [2011/04/20 14:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Application Data\Help
    [2011/04/20 12:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/04/20 12:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/04/20 12:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sonic
    [2011/04/19 16:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Desktop\world
    [2011/04/18 17:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/04/15 18:01:01 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    [2011/04/15 18:00:47 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    [2011/04/15 17:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
    [2011/04/15 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2011/04/15 15:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Application Data\TweakNow RegCleaner 2011
    [2011/04/12 14:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Products
    [2011/04/12 13:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Local Settings\Application Data\Adobe
    [2011/04/12 12:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Application Data\Adobe
    [2011/04/12 12:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/04/12 09:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Desktop\Transmission Lines Theory, Types and Applications
    [2011/04/08 18:19:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
    [2011/04/08 18:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
    [2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
    [2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
    [2011/04/04 22:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Local Settings\Application Data\PCTeX
    [2011/04/04 22:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCTeX
    [2011/04/04 22:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\PCTeX
    [2011/04/01 16:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\My Documents\My PCTeX Files
    [2011/04/01 12:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ghostgum
    [2011/04/01 12:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\gs
    [2011/04/01 11:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
    [2011/04/01 11:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe-BackupByPhotoshopCS5Portable
    [2011/04/01 11:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/03/31 10:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Desktop\Machine Tools Design, Reliability and Safety
    [2011/03/31 10:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lord\Desktop\Advances in Sociology Research Volume 10

    ========== Files - Modified Within 30 Days ==========

    [2011/04/28 16:26:06 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/04/28 16:24:29 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/04/28 16:19:18 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3908872593-1432629759-1091945336-1006.job
    [2011/04/28 16:19:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/28 16:19:13 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/28 16:17:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/04/28 08:13:22 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Lord\Desktop\esetsmartinstaller_enu.exe
    [2011/04/27 18:23:02 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Lord\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/27 18:13:21 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\CKScanner.exe
    [2011/04/27 15:55:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lord\Desktop\OTL.exe
    [2011/04/27 08:55:00 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Lord\Desktop\ATF-Cleaner.exe
    [2011/04/25 21:24:11 | 004,330,054 | R--- | M] () -- C:\Documents and Settings\Lord\Desktop\Combo-Fix.exe
    [2011/04/25 20:08:04 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\tdsskiller.zip
    [2011/04/25 20:04:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/23 13:01:47 | 000,003,801 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\Attach.zip
    [2011/04/23 12:57:30 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\dds.scr
    [2011/04/23 12:57:04 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Lord\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/04/23 12:57:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\ERUNT.lnk
    [2011/04/23 12:56:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Lord\Desktop\erunt-setup.exe
    [2011/04/23 12:31:24 | 000,340,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/22 20:11:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/22 20:09:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/22 18:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3908872593-1432629759-1091945336-1006.job
    [2011/04/21 13:58:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Lord\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/21 13:58:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/21 12:27:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/21 12:04:30 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\Spybot - Search & Destroy.lnk
    [2011/04/20 13:10:49 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/04/20 07:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/18 18:53:58 | 000,000,019 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
    [2011/04/18 18:32:29 | 000,630,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/18 18:32:29 | 000,136,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/18 17:44:31 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/04/12 12:43:14 | 000,011,495 | ---- | M] () -- C:\Documents and Settings\Lord\gsview32.ini
    [2011/04/09 23:23:58 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/04/09 22:52:51 | 000,001,542 | -HS- | M] () -- C:\Documents and Settings\Lord\Local Settings\Application Data\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
    [2011/04/09 22:52:51 | 000,001,542 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
    [2011/04/08 16:42:37 | 000,002,373 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\Remere's Map Editor.lnk
    [2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
    [2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
    [2011/04/04 22:45:04 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\PCTeXv5.lnk
    [2011/04/04 18:17:40 | 000,014,910 | -HS- | M] () -- C:\Documents and Settings\Lord\Local Settings\Application Data\0810l5u6odc6bt4h
    [2011/04/04 18:17:40 | 000,014,910 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0810l5u6odc6bt4h
    [2011/04/03 12:03:59 | 000,014,183 | ---- | M] () -- C:\Documents and Settings\Lord\Desktop\test.otbm
    [2011/04/01 16:25:00 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini

    ========== Files Created - No Company Name ==========

    [2011/04/27 18:13:20 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\CKScanner.exe
    [2011/04/25 21:25:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/25 21:25:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/25 21:25:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/25 21:25:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/25 21:25:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/25 21:24:05 | 004,330,054 | R--- | C] () -- C:\Documents and Settings\Lord\Desktop\Combo-Fix.exe
    [2011/04/25 20:07:59 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\tdsskiller.zip
    [2011/04/25 20:04:06 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/23 13:01:47 | 000,003,801 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\Attach.zip
    [2011/04/23 12:57:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\dds.scr
    [2011/04/23 12:57:04 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Lord\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/04/23 12:57:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\ERUNT.lnk
    [2011/04/22 20:11:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/21 13:58:48 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Lord\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/21 13:58:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/21 13:50:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Lord\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/21 12:27:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/21 12:04:30 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\Spybot - Search & Destroy.lnk
    [2011/04/20 14:02:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/20 13:10:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/04/09 23:23:58 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/04/09 22:52:43 | 000,001,542 | -HS- | C] () -- C:\Documents and Settings\Lord\Local Settings\Application Data\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
    [2011/04/09 22:52:43 | 000,001,542 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
    [2011/04/04 22:45:04 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\PCTeXv5.lnk
    [2011/04/04 18:15:55 | 000,014,910 | -HS- | C] () -- C:\Documents and Settings\Lord\Local Settings\Application Data\0810l5u6odc6bt4h
    [2011/04/04 18:15:55 | 000,014,910 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0810l5u6odc6bt4h
    [2011/04/03 11:15:30 | 000,014,183 | ---- | C] () -- C:\Documents and Settings\Lord\Desktop\test.otbm
    [2011/04/01 16:25:00 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2011/04/01 12:36:46 | 000,011,495 | ---- | C] () -- C:\Documents and Settings\Lord\gsview32.ini
    [2011/02/06 11:34:25 | 009,566,435 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3908872593-1432629759-1091945336-1006-0.dat
    [2011/02/06 11:34:10 | 000,347,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/09/27 20:40:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
    [2010/07/09 00:20:09 | 001,708,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/20 20:08:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/01/26 20:10:47 | 000,055,809 | ---- | C] () -- C:\WINDOWS\CP-FPCOS100.dll
    [2009/12/04 15:07:54 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/23 22:09:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2009/06/21 11:53:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/06/10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/06/10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/06/10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/06/10 06:03:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2009/03/07 13:41:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2009/01/25 01:45:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/01/24 13:25:42 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2008/10/13 15:48:47 | 000,072,516 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/08/12 09:29:05 | 001,245,696 | ---- | C] () -- C:\WINDOWS\System32\QtNetwork4.dll
    [2008/08/12 09:29:05 | 000,505,344 | ---- | C] () -- C:\WINDOWS\System32\QtXml4.dll
    [2008/08/01 10:16:24 | 000,063,984 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
    [2008/07/29 15:50:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
    [2008/06/21 12:44:05 | 010,436,608 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
    [2008/06/21 12:44:05 | 002,660,864 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
    [2008/06/21 12:44:05 | 000,015,960 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
    [2008/05/22 15:52:33 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/05/21 22:32:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/21 21:55:45 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2008/05/21 20:59:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/05/16 19:08:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/05/16 19:04:37 | 000,000,611 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/05/16 18:45:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2008/05/16 18:44:22 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 13:57:15 | 000,340,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 13:51:20 | 000,630,932 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 13:51:20 | 000,136,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/01/30 16:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Lord\My Documents\just stuff.lua:DocumentSummaryInformation
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Lord\Desktop\template.dmsd:Roxio EMC Stream
    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\Lord\My Documents\just stuff.lua:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\Lord\My Documents\its my life.doc:SummaryInformation

    < End of report >

  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks good, any issues?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #30
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    Default

    Hey, didn't mean to take so long to respond; I've just been testing and using my PC, making sure it's all back to normal. It seems alright. MS Office will only open my old files in safe mode, but besides that my system seems good. Ran another scan with Spybot and nothing showed up.
