Unable to launch any exe

[shankar]

Hi ,

Thanks for your help. Yes I still have the disabled startup entry.

1.AntiMalware Doctor
c:\users\owner\appdata\roaming\ab7b4b82bb5928e695df8135fc0dfbc0\newreleaseversion70700.exe
2.oyqvdjwe pointing towards
c:\users\owner\appdata\roaming\jweokhpct\jfksvaushdw.exe
3.newreleaseversion70700.exe pointing towards
c:\users\owner\appdata\roaming\ab7b4b82bb5928e695df8135fc0dfbc0\newreleaseversion70700.exe

When I disabled the startup entries I didnt receive any popups or any other problem. So for last 2 or 3 days i didnt get any problem and my system seems to be usual But I afraid that they might be doing some passive logging or collecting info from my system. I am not sure what to do. So I have stopped doing any banking or online transactions. Please help.

[Blade81]

Hi,

Download & extract this file to it's own folder - Registry Search

Launch Registry Search
In the search box, enter (on separate lines)

AntiMalware Doctor
oyqvdjwe
newreleaseversion70700.exe


Under Search, make sure only the Value box is checked in the first row of checkboxes. All other checkboxes should be checked.

& click Ok.
Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply.

[shankar]

Hi ,

below are the research logs.

**RegSearch LOG**

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 8/30/2010 11:54:21 PM for strings:
; 'antimalware doctor'
; 'oyqvdjwe'
; 'newreleaseversion70700.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Values
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Owner\\AppData\\Roaming\\AB7B4B82BB5928E695DF8135FC0DFBC0\\newreleaseversion70700.exe"="newreleaseversion70700.exe"

[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Owner\\AppData\\Roaming\\AB7B4B82BB5928E695DF8135FC0DFBC0\\newreleaseversion70700.exe"="newreleaseversion70700.exe"

; End Of The Log...

[Blade81]

Hi,

Please re-enable those items you disabled in msconfig (that shouldn't cause any issues since we nuked related files already) and then run OTL again (post OTL.txt log contents).

[shankar]

Hi ,
I enabled the three startup entries and ran OTL. Also i rebooted the system and ran OTL again so that I can get your help if something goes wrong.

This 1st post was run after i enabled those items in startup but before rebooting the pc.

**OTL LOG**

OTL logfile created on: 8/31/2010 12:36:14 AM - Run 4
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop\malware removal
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.29 Gb Total Space | 184.76 Gb Free Space | 64.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 3.10 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 946.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\AppData\Local\Temp\jkos-Owner\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\DRIVERS\ext2fs.sys (Stephan Schreiber)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\DRIVERS\ifsmount.sys (Stephan Schreiber)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/06/13 22:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 21:03:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/29 22:14:34 | 000,000,000 | ---D | M]

[2009/08/26 06:48:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/04/23 11:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\eclipse\extensions
[2010/07/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions
[2010/04/20 23:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions
[2009/08/26 07:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/30 21:06:32 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/29 22:03:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/23 22:57:38 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/06/13 22:35:46 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/06/13 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firebug@software.joehewitt.com
[2010/06/13 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firecookie@janodvarko.cz
[2009/12/05 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\personas@christopher.beard
[2009/11/21 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\TFToolbarX@torrent-finder
[2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/29 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/07 14:25:24 | 000,415,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14358 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search USA Toolbar) - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [newreleaseversion70700.exe] C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0\newreleaseversion70700.exe File not found
O4 - HKCU..\Run: [oyqvdjwe] C:\Users\Owner\AppData\Roaming\jweokhpct\jfksvaushdw.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0\newreleaseversion70700.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/02/09 03:51:31 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tcs.com ([inchnm02] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([icalms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([knowmax] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([www.ultimatix.net] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.org ([apps] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm02.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/28 11:14:05 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell - "" = AutoRun
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\AutoRun\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\configure\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\install\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell - "" = AutoRun
O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/08/29 22:35:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/29 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/29 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/29 22:14:34 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/29 22:14:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/29 18:33:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/29 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\malware removal
[2010/08/24 07:07:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/24 04:50:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log files
[2010/08/24 04:37:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/24 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/23 02:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/08/11 03:01:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/08/11 02:46:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 02:46:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 02:46:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 02:46:36 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 02:46:18 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 02:46:14 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 02:46:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 02:46:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 02:46:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 02:46:13 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 02:46:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 02:46:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 02:46:12 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 02:46:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 02:46:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 02:46:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 02:46:12 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 02:46:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 02:46:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 02:46:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 02:46:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 02:46:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 02:46:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 02:46:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 02:46:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 02:46:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 02:46:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/07 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/07 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/01 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
[2010/08/01 15:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/01 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/08/01 15:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/08/01 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 00:36:14 | 009,175,040 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/08/31 00:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000UA.job
[2010/08/30 23:13:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/30 23:13:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/30 17:15:14 | 064,087,930 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/30 17:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/30 02:09:22 | 000,807,366 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/30 02:09:22 | 000,668,042 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/30 02:09:22 | 000,128,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/29 22:14:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/29 20:41:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/29 20:41:38 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/29 20:40:50 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/08/29 20:40:50 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/08/29 20:40:45 | 004,567,850 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/08/29 18:10:46 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000Core.job
[2010/08/24 06:20:05 | 000,000,756 | ---- | M] () -- C:\Windows\tasks\Install.job
[2010/08/24 04:26:26 | 000,000,746 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/08/23 02:25:40 | 000,001,848 | ---- | M] () -- C:\Users\Owner\Desktop\Install.lnk
[2010/08/22 18:41:21 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 23:44:30 | 000,036,352 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 01:41:48 | 000,387,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 02:19:59 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/08/07 14:25:24 | 000,415,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/07 14:05:08 | 000,001,123 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/07 14:05:08 | 000,001,099 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/06 00:58:14 | 000,000,957 | ---- | M] () -- C:\Users\Owner\Desktop\mailto.html
[2010/08/05 00:29:29 | 000,001,133 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/02 04:04:02 | 000,000,831 | ---- | M] () -- C:\Users\Owner\Desktop\1mailto.html
[2010/08/02 03:33:24 | 000,000,970 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/01 15:25:32 | 000,001,420 | ---- | M] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
[2010/08/01 15:24:37 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/08/01 15:23:37 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 00:35:00 | 000,001,133 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/24 04:26:26 | 000,000,746 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/08/24 03:14:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/23 02:25:40 | 000,001,848 | ---- | C] () -- C:\Users\Owner\Desktop\Install.lnk
[2010/08/23 02:25:40 | 000,000,756 | ---- | C] () -- C:\Windows\tasks\Install.job
[2010/08/07 14:05:08 | 000,001,123 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/07 14:05:08 | 000,001,099 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/02 04:04:01 | 000,000,831 | ---- | C] () -- C:\Users\Owner\Desktop\1mailto.html
[2010/08/02 03:42:43 | 000,000,957 | ---- | C] () -- C:\Users\Owner\Desktop\mailto.html
[2010/08/02 03:33:24 | 000,000,970 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/01 15:25:32 | 000,001,420 | ---- | C] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
[2010/08/01 15:24:37 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/08/01 15:23:37 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/01/05 22:20:16 | 000,285,936 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_RefInt_x64_MSI50DD.txt
[2010/01/05 22:20:03 | 000,547,432 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI50B3.txt
[2010/01/05 22:19:53 | 000,442,486 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI5092.txt
[2010/01/05 22:19:23 | 005,361,572 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Build_x64_MSI5030.txt
[2010/01/05 22:19:14 | 000,654,946 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Tools_x64_MSI5012.txt
[2010/01/05 22:18:34 | 002,507,814 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_x64_MSI4F90.txt
[2010/01/05 22:17:04 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/05 22:15:56 | 004,641,116 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_MSI4D8C.txt
[2010/01/05 22:15:49 | 000,407,610 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_RDBG_AMD64_MSI4D75.txt
[2010/01/05 22:15:42 | 000,300,512 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_64bitEmulator_MSI4D5E.txt
[2010/01/05 22:15:07 | 005,158,754 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMSP_5_0_MSI4CEC.txt
[2010/01/05 22:14:16 | 007,065,284 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMPPC_5_0_MSI4C45.txt
[2010/01/05 22:14:02 | 000,733,202 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCEDeviceRuntime_MSI4C18.txt
[2010/01/05 22:13:57 | 000,331,134 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLCEToolsForVS2007_MSI4C07.txt
[2010/01/05 22:13:47 | 000,358,526 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCERuntime_MSI4BE7.txt
[2010/01/05 22:12:50 | 000,876,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VSTOR_MSI4B2D.txt
[2010/01/05 22:12:27 | 001,050,246 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv35_MSI4AE1.txt
[2010/01/05 22:12:13 | 001,015,892 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv2_MSI4AB4.txt
[2010/01/05 21:55:20 | 052,625,164 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog3DC8.txt
[2010/01/05 21:54:21 | 002,729,938 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_Dexplorer90_retMSI3D07.txt
[2010/01/05 21:54:13 | 000,355,634 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_PreReq_AMD64_MSI3CED.txt
[2010/01/05 21:54:00 | 000,866,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_MinRed_MSI3CC2.txt
[2010/01/05 21:52:10 | 000,190,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2010/01/05 21:51:57 | 000,555,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vs_procore_90.txt
[2010/01/05 21:51:57 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vs_procore_90.txt
[2009/12/05 14:04:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/05 14:02:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/01 17:06:46 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/10/20 23:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/15 07:57:57 | 000,807,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/15 07:14:30 | 000,337,390 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SharedManagementObjects_MSI6CB9.txt
[2009/09/15 07:14:26 | 000,172,150 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLSysClrTypes_msi6CAC.txt
[2009/09/15 07:08:32 | 012,106,176 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog6828.txt
[2009/09/15 07:06:00 | 000,149,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_VWDTools_x64_MSI6634.txt
[2009/09/15 07:05:41 | 001,200,834 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_ExpRemoteDbg_x64_MSI65F9.txt
[2009/09/15 07:05:08 | 000,421,060 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_Red_MSI658E.txt
[2009/09/12 21:22:32 | 000,222,380 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VNS_EXP_90.txt
[2009/09/12 21:22:23 | 000,628,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vns_xcor_90.txt
[2009/09/12 21:22:23 | 000,023,878 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/09/12 21:22:23 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vns_xcor_90.txt
[2009/08/20 06:05:48 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/08/05 09:32:30 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
[2009/08/05 09:32:29 | 000,006,747 | ---- | C] () -- C:\Users\Owner\AppData\Local\doc_viewer_HTML_EN.zip
[2009/07/08 09:33:19 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/04/23 18:14:07 | 000,000,438 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/04/19 07:47:54 | 000,036,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/04 04:37:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2008/09/28 23:03:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
[2008/08/28 16:50:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
[2008/08/28 16:47:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
[2008/08/28 16:47:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
[2008/01/21 08:20:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/07 01:00:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
< End of report >

[shankar]

Hi ,
The below log is taken after rebooting the machine with those startup entries ticked. i havent received any popups or messages similar to what i used to get earlier.

**OTL LOG** (after ticking those startup item and reboot)

OTL logfile created on: 8/31/2010 1:00:49 AM - Run 5
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop\malware removal
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.29 Gb Total Space | 185.02 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 3.10 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 946.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\DRIVERS\ext2fs.sys (Stephan Schreiber)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\DRIVERS\ifsmount.sys (Stephan Schreiber)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/06/13 22:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 21:03:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/29 22:14:34 | 000,000,000 | ---D | M]

[2009/08/26 06:48:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/04/23 11:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\eclipse\extensions
[2010/07/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions
[2010/04/20 23:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions
[2009/08/26 07:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/30 21:06:32 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/29 22:03:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/23 22:57:38 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/06/13 22:35:46 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/06/13 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firebug@software.joehewitt.com
[2010/06/13 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firecookie@janodvarko.cz
[2009/12/05 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\personas@christopher.beard
[2009/11/21 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\TFToolbarX@torrent-finder
[2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/29 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/07 14:25:24 | 000,415,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14358 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search USA Toolbar) - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [newreleaseversion70700.exe] C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0\newreleaseversion70700.exe File not found
O4 - HKCU..\Run: [oyqvdjwe] C:\Users\Owner\AppData\Roaming\jweokhpct\jfksvaushdw.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0\newreleaseversion70700.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/02/09 03:51:31 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tcs.com ([inchnm02] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([icalms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([knowmax] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([www.ultimatix.net] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.org ([apps] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm02.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/28 11:14:05 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell - "" = AutoRun
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\AutoRun\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\configure\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\install\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell - "" = AutoRun
O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/08/29 22:35:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/29 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/29 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/29 22:14:34 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/29 22:14:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/29 18:33:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/29 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\malware removal
[2010/08/24 07:07:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/24 04:50:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log files
[2010/08/24 04:37:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/24 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/23 02:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/08/11 03:01:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/08/11 02:46:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 02:46:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 02:46:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 02:46:36 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 02:46:18 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 02:46:14 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 02:46:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 02:46:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 02:46:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 02:46:13 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 02:46:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 02:46:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 02:46:12 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 02:46:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 02:46:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 02:46:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 02:46:12 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 02:46:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 02:46:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 02:46:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 02:46:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 02:46:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 02:46:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 02:46:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 02:46:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 02:46:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 02:46:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/07 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/07 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/01 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
[2010/08/01 15:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/01 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/08/01 15:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/08/01 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 01:00:48 | 009,175,040 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/08/31 00:51:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:51:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:51:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 00:51:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 00:51:29 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 00:50:07 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/08/31 00:50:07 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/08/31 00:49:52 | 004,424,222 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/08/31 00:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000UA.job
[2010/08/30 17:15:14 | 064,087,930 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/30 02:09:22 | 000,807,366 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/30 02:09:22 | 000,668,042 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/30 02:09:22 | 000,128,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/29 22:14:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/29 18:10:46 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000Core.job
[2010/08/24 06:20:05 | 000,000,756 | ---- | M] () -- C:\Windows\tasks\Install.job
[2010/08/24 04:26:26 | 000,000,746 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/08/23 02:25:40 | 000,001,848 | ---- | M] () -- C:\Users\Owner\Desktop\Install.lnk
[2010/08/22 18:41:21 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 23:44:30 | 000,036,352 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 01:41:48 | 000,387,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 02:19:59 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/08/07 14:25:24 | 000,415,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/07 14:05:08 | 000,001,123 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/07 14:05:08 | 000,001,099 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/06 00:58:14 | 000,000,957 | ---- | M] () -- C:\Users\Owner\Desktop\mailto.html
[2010/08/05 00:29:29 | 000,001,133 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/02 04:04:02 | 000,000,831 | ---- | M] () -- C:\Users\Owner\Desktop\1mailto.html
[2010/08/02 03:33:24 | 000,000,970 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/01 15:25:32 | 000,001,420 | ---- | M] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
[2010/08/01 15:24:37 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/08/01 15:23:37 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 00:35:00 | 000,001,133 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/24 04:26:26 | 000,000,746 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/08/24 03:14:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/23 02:25:40 | 000,001,848 | ---- | C] () -- C:\Users\Owner\Desktop\Install.lnk
[2010/08/23 02:25:40 | 000,000,756 | ---- | C] () -- C:\Windows\tasks\Install.job
[2010/08/07 14:05:08 | 000,001,123 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/07 14:05:08 | 000,001,099 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/02 04:04:01 | 000,000,831 | ---- | C] () -- C:\Users\Owner\Desktop\1mailto.html
[2010/08/02 03:42:43 | 000,000,957 | ---- | C] () -- C:\Users\Owner\Desktop\mailto.html
[2010/08/02 03:33:24 | 000,000,970 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/01 15:25:32 | 000,001,420 | ---- | C] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
[2010/08/01 15:24:37 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/08/01 15:23:37 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/01/05 22:20:16 | 000,285,936 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_RefInt_x64_MSI50DD.txt
[2010/01/05 22:20:03 | 000,547,432 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI50B3.txt
[2010/01/05 22:19:53 | 000,442,486 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI5092.txt
[2010/01/05 22:19:23 | 005,361,572 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Build_x64_MSI5030.txt
[2010/01/05 22:19:14 | 000,654,946 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Tools_x64_MSI5012.txt
[2010/01/05 22:18:34 | 002,507,814 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_x64_MSI4F90.txt
[2010/01/05 22:17:04 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/05 22:15:56 | 004,641,116 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_MSI4D8C.txt
[2010/01/05 22:15:49 | 000,407,610 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_RDBG_AMD64_MSI4D75.txt
[2010/01/05 22:15:42 | 000,300,512 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_64bitEmulator_MSI4D5E.txt
[2010/01/05 22:15:07 | 005,158,754 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMSP_5_0_MSI4CEC.txt
[2010/01/05 22:14:16 | 007,065,284 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMPPC_5_0_MSI4C45.txt
[2010/01/05 22:14:02 | 000,733,202 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCEDeviceRuntime_MSI4C18.txt
[2010/01/05 22:13:57 | 000,331,134 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLCEToolsForVS2007_MSI4C07.txt
[2010/01/05 22:13:47 | 000,358,526 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCERuntime_MSI4BE7.txt
[2010/01/05 22:12:50 | 000,876,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VSTOR_MSI4B2D.txt
[2010/01/05 22:12:27 | 001,050,246 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv35_MSI4AE1.txt
[2010/01/05 22:12:13 | 001,015,892 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv2_MSI4AB4.txt
[2010/01/05 21:55:20 | 052,625,164 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog3DC8.txt
[2010/01/05 21:54:21 | 002,729,938 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_Dexplorer90_retMSI3D07.txt
[2010/01/05 21:54:13 | 000,355,634 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_PreReq_AMD64_MSI3CED.txt
[2010/01/05 21:54:00 | 000,866,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_MinRed_MSI3CC2.txt
[2010/01/05 21:52:10 | 000,190,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2010/01/05 21:51:57 | 000,555,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vs_procore_90.txt
[2010/01/05 21:51:57 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vs_procore_90.txt
[2009/12/05 14:04:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/05 14:02:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/01 17:06:46 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/10/20 23:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/15 07:57:57 | 000,807,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/15 07:14:30 | 000,337,390 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SharedManagementObjects_MSI6CB9.txt
[2009/09/15 07:14:26 | 000,172,150 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLSysClrTypes_msi6CAC.txt
[2009/09/15 07:08:32 | 012,106,176 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog6828.txt
[2009/09/15 07:06:00 | 000,149,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_VWDTools_x64_MSI6634.txt
[2009/09/15 07:05:41 | 001,200,834 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_ExpRemoteDbg_x64_MSI65F9.txt
[2009/09/15 07:05:08 | 000,421,060 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_Red_MSI658E.txt
[2009/09/12 21:22:32 | 000,222,380 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VNS_EXP_90.txt
[2009/09/12 21:22:23 | 000,628,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vns_xcor_90.txt
[2009/09/12 21:22:23 | 000,023,878 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/09/12 21:22:23 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vns_xcor_90.txt
[2009/08/20 06:05:48 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/08/05 09:32:30 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
[2009/08/05 09:32:29 | 000,006,747 | ---- | C] () -- C:\Users\Owner\AppData\Local\doc_viewer_HTML_EN.zip
[2009/07/08 09:33:19 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/04/23 18:14:07 | 000,000,438 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/04/19 07:47:54 | 000,036,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/04 04:37:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2008/09/28 23:03:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
[2008/08/28 16:50:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
[2008/08/28 16:47:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
[2008/08/28 16:47:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
[2008/01/21 08:20:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/07 01:00:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
< End of report >

[Blade81]

Good. Let's run OTL for one more time.

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  :OTL
  O4 - HKCU..\Run: [newreleaseversion70700.exe] C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0\newreleaseversion70700.exe File not found
  O4 - HKCU..\Run: [oyqvdjwe] C:\Users\Owner\AppData\Roaming\jweokhpct\jfksvaushdw.exe File not found
  O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Users\Owner\AppData\Roaming\AB7B4B82BB5928E695DF8135FC0DFBC0\newreleaseversion70700.exe File not found

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL log

[shankar]

Hi,
I ran RunFix and then rebooted and then ran OTL . The startup items are now removed . The run fix and OTL logs are below.

**RUNFIX LOG**

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\newreleaseversion70700.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\oyqvdjwe deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk moved successfully.

OTL by OldTimer - Version 3.2.11.0 log created on 08312010_020354


**OTL LOG**

OTL logfile created on: 8/31/2010 2:18:36 AM - Run 6
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop\malware removal
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.29 Gb Total Space | 185.02 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 3.10 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 946.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\malware removal\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\DRIVERS\ext2fs.sys (Stephan Schreiber)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\DRIVERS\ifsmount.sys (Stephan Schreiber)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/06/13 22:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 21:03:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/29 22:14:34 | 000,000,000 | ---D | M]

[2009/08/26 06:48:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/04/23 11:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\eclipse\extensions
[2010/07/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions
[2010/04/20 23:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\srkqybg8.Addon-Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions
[2009/08/26 07:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/30 21:06:32 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/29 22:03:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/23 22:57:38 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/06/13 22:35:46 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/06/13 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firebug@software.joehewitt.com
[2010/06/13 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\firecookie@janodvarko.cz
[2009/12/05 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\personas@christopher.beard
[2009/11/21 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vgwb14vb.default\extensions\TFToolbarX@torrent-finder
[2010/08/30 03:26:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/29 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/07 14:25:24 | 000,415,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14358 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search USA Toolbar) - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - C:\Program Files (x86)\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/02/09 03:51:31 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tcs.com ([inchnm02] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([icalms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([knowmax] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.net ([www.ultimatix.net] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ultimatix.org ([apps] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm02.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/28 11:14:05 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell - "" = AutoRun
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\AutoRun\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\configure\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4e216a4e-fa14-11de-90a3-0023ae13f647}\Shell\install\command - "" = H:\setup.exe -- [2006/10/28 12:00:48 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell - "" = AutoRun
O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/08/29 22:35:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/29 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/29 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/29 22:14:34 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/29 22:14:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/29 22:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/29 18:33:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/29 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\malware removal
[2010/08/24 07:07:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/24 04:50:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log files
[2010/08/24 04:37:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/24 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/23 02:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/08/11 03:01:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/08/11 02:46:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 02:46:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 02:46:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 02:46:36 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 02:46:18 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 02:46:14 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 02:46:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 02:46:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 02:46:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 02:46:13 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 02:46:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 02:46:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 02:46:12 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 02:46:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 02:46:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 02:46:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 02:46:12 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 02:46:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 02:46:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 02:46:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 02:46:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 02:46:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 02:46:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 02:46:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 02:46:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 02:46:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 02:46:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/07 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/07 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/01 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
[2010/08/01 15:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/01 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/08/01 15:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/08/01 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 02:18:43 | 009,175,040 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/08/31 02:06:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 02:06:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 02:06:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 02:06:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 02:06:11 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 02:05:25 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/08/31 02:05:25 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/08/31 02:05:21 | 004,291,413 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/08/31 01:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000UA.job
[2010/08/30 17:15:14 | 064,087,930 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/30 02:09:22 | 000,807,366 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/30 02:09:22 | 000,668,042 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/30 02:09:22 | 000,128,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/29 22:14:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/29 22:14:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/29 22:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/29 18:10:46 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000Core.job
[2010/08/24 06:20:05 | 000,000,756 | ---- | M] () -- C:\Windows\tasks\Install.job
[2010/08/24 04:26:26 | 000,000,746 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/08/23 02:25:40 | 000,001,848 | ---- | M] () -- C:\Users\Owner\Desktop\Install.lnk
[2010/08/22 18:41:21 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 23:44:30 | 000,036,352 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 01:41:48 | 000,387,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 02:19:59 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/08/07 14:25:24 | 000,415,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/07 14:05:08 | 000,001,123 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/07 14:05:08 | 000,001,099 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/06 00:58:14 | 000,000,957 | ---- | M] () -- C:\Users\Owner\Desktop\mailto.html
[2010/08/02 04:04:02 | 000,000,831 | ---- | M] () -- C:\Users\Owner\Desktop\1mailto.html
[2010/08/02 03:33:24 | 000,000,970 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/01 15:25:32 | 000,001,420 | ---- | M] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
[2010/08/01 15:24:37 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/08/01 15:23:37 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 04:26:26 | 000,000,746 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/08/24 03:14:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/23 02:25:40 | 000,001,848 | ---- | C] () -- C:\Users\Owner\Desktop\Install.lnk
[2010/08/23 02:25:40 | 000,000,756 | ---- | C] () -- C:\Windows\tasks\Install.job
[2010/08/07 14:05:08 | 000,001,123 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/07 14:05:08 | 000,001,099 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/02 04:04:01 | 000,000,831 | ---- | C] () -- C:\Users\Owner\Desktop\1mailto.html
[2010/08/02 03:42:43 | 000,000,957 | ---- | C] () -- C:\Users\Owner\Desktop\mailto.html
[2010/08/02 03:33:24 | 000,000,970 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/01 15:25:32 | 000,001,420 | ---- | C] () -- C:\Users\Owner\Desktop\DivX Movies.lnk
[2010/08/01 15:24:37 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/08/01 15:23:37 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/01/05 22:20:16 | 000,285,936 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_RefInt_x64_MSI50DD.txt
[2010/01/05 22:20:03 | 000,547,432 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI50B3.txt
[2010/01/05 22:19:53 | 000,442,486 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI5092.txt
[2010/01/05 22:19:23 | 005,361,572 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Build_x64_MSI5030.txt
[2010/01/05 22:19:14 | 000,654,946 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_Tools_x64_MSI5012.txt
[2010/01/05 22:18:34 | 002,507,814 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_x64_MSI4F90.txt
[2010/01/05 22:17:04 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/05 22:15:56 | 004,641,116 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_CrystalReports2007_MSI4D8C.txt
[2010/01/05 22:15:49 | 000,407,610 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_RDBG_AMD64_MSI4D75.txt
[2010/01/05 22:15:42 | 000,300,512 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_64bitEmulator_MSI4D5E.txt
[2010/01/05 22:15:07 | 005,158,754 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMSP_5_0_MSI4CEC.txt
[2010/01/05 22:14:16 | 007,065,284 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WMPPC_5_0_MSI4C45.txt
[2010/01/05 22:14:02 | 000,733,202 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCEDeviceRuntime_MSI4C18.txt
[2010/01/05 22:13:57 | 000,331,134 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLCEToolsForVS2007_MSI4C07.txt
[2010/01/05 22:13:47 | 000,358,526 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SSCERuntime_MSI4BE7.txt
[2010/01/05 22:12:50 | 000,876,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VSTOR_MSI4B2D.txt
[2010/01/05 22:12:27 | 001,050,246 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv35_MSI4AE1.txt
[2010/01/05 22:12:13 | 001,015,892 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NETCFSetupv2_MSI4AB4.txt
[2010/01/05 21:55:20 | 052,625,164 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog3DC8.txt
[2010/01/05 21:54:21 | 002,729,938 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_Dexplorer90_retMSI3D07.txt
[2010/01/05 21:54:13 | 000,355,634 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_PreReq_AMD64_MSI3CED.txt
[2010/01/05 21:54:00 | 000,866,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_MinRed_MSI3CC2.txt
[2010/01/05 21:52:10 | 000,190,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2010/01/05 21:51:57 | 000,555,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vs_procore_90.txt
[2010/01/05 21:51:57 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vs_procore_90.txt
[2009/12/05 14:04:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/05 14:02:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/01 17:06:46 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/10/20 23:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/15 07:57:57 | 000,807,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/15 07:14:30 | 000,337,390 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SharedManagementObjects_MSI6CB9.txt
[2009/09/15 07:14:26 | 000,172,150 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_SQLSysClrTypes_msi6CAC.txt
[2009/09/15 07:08:32 | 012,106,176 | ---- | C] () -- C:\Users\Owner\AppData\Local\VSMsiLog6828.txt
[2009/09/15 07:06:00 | 000,149,402 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_WinSDK_VWDTools_x64_MSI6634.txt
[2009/09/15 07:05:41 | 001,200,834 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_ExpRemoteDbg_x64_MSI65F9.txt
[2009/09/15 07:05:08 | 000,421,060 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_VC_Red_MSI658E.txt
[2009/09/12 21:22:32 | 000,222,380 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_VNS_EXP_90.txt
[2009/09/12 21:22:23 | 000,628,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_install_vns_xcor_90.txt
[2009/09/12 21:22:23 | 000,023,878 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/09/12 21:22:23 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_error_vns_xcor_90.txt
[2009/08/20 06:05:48 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/08/05 09:32:30 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
[2009/08/05 09:32:29 | 000,006,747 | ---- | C] () -- C:\Users\Owner\AppData\Local\doc_viewer_HTML_EN.zip
[2009/07/08 09:33:19 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/04/23 18:14:07 | 000,000,438 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/04/19 07:47:54 | 000,036,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/04 04:37:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2008/09/28 23:03:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
[2008/08/28 16:50:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
[2008/08/28 16:47:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
[2008/08/28 16:47:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
[2008/01/21 08:20:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/07 01:00:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
< End of report >

[Blade81]

Good. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.

• Double-click OTL.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

• hosts file:
  
  • Every version of windows has a hosts file as part of them.
  • In a very basic sense, they are used to locate webpages.
  • We can customize a hosts file so that it blocks certain webpages.
  • However, it can slow down certain computers.
  • This is why using a hosts file is optional!!
  
  Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
  If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
  
  2. Click the start button (at the lower left hand corner of your screen)
  3. Click run
  4. In the dialog box, type services.msc
  5. hit enter, then locate dns client
  6. Highlight it, then double-click it.
  7. On the dropdown box, change the setting from automatic to manual.
  8. Click ok
• Download and run Secunia Personal Software Inspector (PSI) and fix its findings.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run the spybot and adaware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

[shankar]

Hi ,
First : Many thanks for helping me out of this.
... I have reset and re-enabled the system restore as per
your instruction.There is a drive named recovery in my system which came as a partition with the laptop when I bought. System recovery was not enabled it it before ans hence I havent enabled it now also. Is that ok or shud I enable it now? I am not sure abt the drive but was told that it has the files needed for reinstalling windows OS if something goes wrong.

I downloaded the host file and manually replaced the host file with the one which I downloaded. I used to replace the host files so I think manually replacing the host file is ok. Also I had Spybot which had created some entries in the host file. Now having replaced the host file with the downloaded one, shud I be again running spybot to overwrite the host file or is the one which you asked me to download is more than enough??

OTL cleanup done and it got self deleted.

I downloaded Secunia PSI and fixed the threats (i.e., missing updates).

My system seems to be ok now without any issues..I was just looking htru the startup entries and I just saw one entry which has the Manufacturer as Trend Micro (I had this pre-installed in my Laptop but now trial version has expired. I dont use it anymore I use AVG free in my laptop). THe startup entry is named as TrendMicro Internet Security and it points to the location in C:\Program FIles\Trend Micro\Internet security\tisspwiz /Delay. Is this a valid file or is this again a spyware. I havent uninstalled trend micro from my laptop it it still installed but just pop ups sometimes saying that the trial version has expierd. The only thing I am concerned is that name of the exe (tisspwiz.exe)...How do I know if the file is a valid one or not?

Shud I be relying on my spywares to identify them?

I have Spybot S&D and AVG..and now Secunia.

Shud I install adaware ? I havent heard of it .

I have asked many doubts in this post. You might have to help many others like me so I thought i cud use the your time least....kindly bear with me..