GeekPolice

Bankerfox.A

Hi there!

X64, Windows Vista

I think I have come to the right place. Read a little about this common problem and could get my system back after installing Spyware Doctor from a zip drive. Avast and AVG don't find a problem during the scan and I am too cheap to pay for the doctor only to remove the infection. Plus I wouldn't be sure that everything compromised would be removed since other virus scanners don't seem to find a trace of this....

So, I downloaded HiJackThis and get a message that my host file cannot be accessed. Running as an admin is not offered after right clicking the icon. I would like to post my file here to have someone knowledgeable look over it though.

Hoping for a helping hand.... Thank You!

Re: Bankerfox.A

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Bankerfox.A

OTL Extras logfile created on: 2/3/2010 1:26:05 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Cornel\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
8.00 Gb Paging File | 3.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 325.63 Gb Total Space | 207.81 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive D: | 9.72 Gb Total Space | 1.30 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 334.60 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive F: | 620.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 2.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 74.50 Gb Total Space | 21.62 Gb Free Space | 29.01% Space Free | Partition Type: FAT32

Computer Name: DESKTOPPCHOME
Current User Name: Cornel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLCnew\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLCnew\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLCnew\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLCnew\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D820DF-78AA-46AB-9DBE-3BB274680911}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0D37E58D-A899-421D-9446-0CE2E565CCD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{121514EE-1527-4502-BF4A-72CD6BBDF946}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1CB803DF-26D3-4026-B84D-450932915596}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D82DC5A-57B6-4812-AAFE-DA9B0FAD2767}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{2A28C35E-06D0-42CA-8E2B-47CB0FBA5CB7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{334A6BB7-F46F-40C8-BC97-AC88907D72B7}" = rport=137 | protocol=17 | dir=out | app=system |
"{469F6F63-0DDC-49B5-8F37-84441BC212CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{46AA4E8C-D837-4F0D-9B2F-D4F3D65B867B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{55A0B359-8559-40C2-A684-15D776DCC84D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{71A3EE23-0172-41D2-A53F-1D3FF21B5CC6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75DA56A7-B78A-44AC-B738-7E6281F36EB3}" = rport=2178 | protocol=6 | dir=out | app=system |
"{7B8CBD81-708A-463B-AED4-2ECD0B571F93}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7FD3D60B-1F83-45DB-932E-A8D058DAEC6D}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{7FE2B50B-3700-4D93-9303-A5B0E8C78E60}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{872DF352-8161-485E-AF14-5F24AB6A6CBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{897BE5F4-8653-4202-AC8A-C8B538D0CC9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{8A26190A-11CF-42AF-9F82-4E6CB9FCDF7B}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B907040-E6BD-4AEB-987B-CD9D63ECB3D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8BCE947B-6C37-41FA-BA87-FE07FB2A335B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92589965-2BBA-419C-9B4A-69E0FA2A750F}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{942DDA37-D2B6-447E-BF30-0D75F1C5DAE4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{955DF3D6-EBC9-4FC2-83D6-C32EE874C778}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A4F7751-4D1A-4138-8DB3-9EC60BDE55A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D6B6B4F-4170-4EE6-A6CD-C21AC9CB9FB1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9DD9F1D9-E6C5-4313-AA03-9DEF11581D8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{A42BED97-299A-4550-A915-FC9AEB97CB0D}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA97C224-1497-482B-87EF-FFFE547AAD54}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AF945AE9-1E52-4D67-9173-97B99D188AF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1782535-BEEA-4C53-A6E7-8AB60C2AD311}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5344F8D-CE6A-4A19-ACA8-076C8F3CBEFC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B7101B79-87EE-461C-A0E7-944CD4925C5E}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9482FE4-499B-4809-B8E5-CFA87A8ED2EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD736734-47A8-4A8D-8E57-E0DBA1DBF831}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{BDA7D375-DB28-4853-9C65-932465E2AE82}" = lport=14734 | protocol=6 | dir=in | name=bitlord |
"{D41B97B2-9300-4B5A-94C5-9E87AC75536B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAADE177-E6C0-4693-8AA5-C6D727AD35DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{DAB890EF-FE5B-47F5-9018-0959D1346993}" = lport=138 | protocol=17 | dir=in | app=system |
"{E79AEC2A-766A-4E19-AA7D-57A72812CA91}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EEB04C78-5FF1-4528-9470-DADEFFB26757}" = lport=2178 | protocol=6 | dir=in | app=system |
"{F3F560F2-81BC-4E74-AEEA-93B676A13FB3}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{F7371DA8-F4FD-4521-89AA-0A4DE61B3A5C}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{F8448A61-FF66-4AFE-BABF-738DD42C0785}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FC42374D-D195-4715-A13D-59B75357A388}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B3B324-4285-4C66-A077-E4CC680A8510}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0459E311-C638-4445-A619-F170C623E600}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F86FA3C-FE88-4390-B88D-D22F8D05D5AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2492EC88-9751-4B74-A584-740941579E4C}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{2500C1C1-AA2E-4DCD-B85C-B75673E53F42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38EA32F4-E258-4489-A5B8-CD75BFE1EE3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{396F94AF-03A7-4E4D-9635-9E403DE09808}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3C3619B8-765B-48EA-B6EB-73CE72A7A65A}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4A75735B-975F-4ADC-9240-BBC181EBC28D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52C68879-7157-4114-82DE-10A72EC7EAFB}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{5B1D1705-E334-4D5F-8633-2C8B557A880C}" = protocol=6 | dir=out | app=system |
"{6B23AA01-C9BF-4181-9C06-2BF7F3A381F1}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein\x64\logmein.exe |
"{6E27A83E-256B-4C20-BA28-864D48B2D1DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{8842C7E0-D0A5-4A34-ABAC-7A93CE173BCB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{93A5A2C2-EDDB-43FD-B7EB-AEFCAF508B33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{982E2CB9-AE79-4F16-894A-D7E6B2B3F1A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A33D073D-83FE-4CD8-B644-87A672EA83DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6372A18-7B10-4155-867A-B46D7FC9CCA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACE38E82-C8BB-445F-AA74-F0A721C3BBBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B222BD94-8318-4DA7-945E-0B59FD349DA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8640279-9C2E-4352-8F68-1E2887A865B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BAFD1B0E-8E43-45B9-9937-C0DBC503B1F4}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein\x64\logmein.exe |
"{BB8214E4-30CA-4845-8BBC-C90081409F9C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3DE6E71-67B8-4488-B9F4-7C688719C41A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C8127841-8CEC-4020-9ADE-97F8F5624B47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2C39AA1-88C0-48F0-BFE8-66E2924ED1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D9CBBEE1-9B8E-4C04-99FD-F85981DBB9CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1D4CA37-B219-4237-9C9F-23D07397C525}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB417B7F-34FD-4EFA-93D7-99C899F6E2D7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBC4A202-2CB6-4A82-B670-0C66B2EDA946}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F6826111-E63D-4EFC-88C0-9B0A88465049}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FF8B8DED-E763-4795-B837-C9AA27862886}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0B6D09BB-914B-4F96-9E7A-7A0631A410CC}C:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{0B945DF1-5360-44F3-9891-071E7C4724E7}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{15EEE0A1-BEB8-48C2-B5D9-129534FF8B9B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{186439CD-6EF2-431A-B5BD-1DF1F61E9AC8}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"TCP Query User{287BCAC2-5196-4467-86AB-AFE8F517AC5A}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{31A2C031-CF65-49DE-9E6A-5DC4341E536D}C:\users\cornel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\cornel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{5B1FDD48-09B9-426C-BD17-5987A705EB3A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{A3DD0685-78C5-4219-9D07-E19D844D017D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B7104FFB-6075-4A29-AA37-A68B12EC5313}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B878A07E-02A0-46F6-AD9A-A039A8240C22}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{C7540548-BF66-4BF7-9F07-87D33B7B812D}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{C8CF4CBB-EC88-4C8C-B106-BE393DAAC2CF}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{0BD02890-EE75-4DD4-BE2D-7EADB56B9926}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{125DBF6D-FF7B-4D1D-AB29-4DB8D2C2F49A}C:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{1AB1871A-F855-4F3B-8FE0-D6EDFD5F1B78}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{23DE1B64-5B5A-48D7-9AAC-04E6CD625196}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2B5E512F-B486-4FB6-A732-99B134BD4806}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{32BE4B2E-49DF-44F2-B081-A354B5F2044A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{334BF8BD-A19F-44F9-804D-37B7CDD6D3C5}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{41D9D053-3E6A-4073-8CBD-8DE8F131366B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{7AF8617E-225D-4BEF-BC23-BE1A873A6A57}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{7DA9A1D4-0530-4FE9-AFE2-F7DEAD9B8F26}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{B48D57E4-9EC8-4630-A374-12F4C397C077}C:\users\cornel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\cornel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{C49802A6-7960-4785-846B-F311201B8F4F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023488B6-26E2-4FCC-B69A-5741710DF434}" = SolidWorks 2009 x64 Edition SP0
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06FE635A-BE8C-4208-91A9-FB6E641A4F52}" = ArcSoft Panorama Maker 4 Pro
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D7ECFC-B252-4990-A6BC-1C550A046FE5}" = SolidWorks eDrawings 2009
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{29CCA913-C71A-47D4-A0D1-1069A347A639}" = my Picturetown Utility
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{310B8C9E-63EA-4A87-8139-5C1B84211F3D}" = SolidWorks viewer
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{483BBD1A-3292-47D5-B357-C4010E203145}" = Learning QuickBooks 2008
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{63A14955-DC18-49CA-9CE6-9229D0C1868D}" = LogMeIn
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = Panorama Maker
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"avast5" = avast! Free Antivirus
"AVG8Uninstall" = AVG Free 8.5
"BitLord" = BitLord 1.1
"BlackBerry_{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"DVD Photo Slideshow Pro" = DVD Photo Slideshow Pro 6.70
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7.1
"Flash Movie Player" = Flash Movie Player 1.5
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = PRODUCT_NAME
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"Learning QuickBooks 2008" = Learning QuickBooks 2008
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PrimoPDF4.0.2.5" = PrimoPDF
"PROPLUS" = Microsoft Office Professional Plus 2007
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SolidWorks Installation Manager 20090-40000-1100-100" = SolidWorks 2009 x64 Edition SP0
"SopCast" = SopCast 3.0.3
"Spyware Doctor" = Spyware Doctor 7.0
"TeamViewer 3" = TeamViewer 3
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.3.2
"VLC media player" = VLC media player 1.0.3
"WebDesigner" = Microsoft Expression Web
"Windows Mobile Device Handbook" = T-Mobile Dash™ User Manual
"WinRAR archiver" = WinRAR archiver
"Wondershare Flash SlideShow Builder_is1" = Wondershare Flash SlideShow Builder (2.3.1.0)
"Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Bankerfox.A

OTL logfile created on: 2/3/2010 1:26:05 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Cornel\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
8.00 Gb Paging File | 3.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 325.63 Gb Total Space | 207.81 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive D: | 9.72 Gb Total Space | 1.30 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 334.60 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive F: | 620.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 2.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 74.50 Gb Total Space | 21.62 Gb Free Space | 29.01% Space Free | Partition Type: FAT32

Computer Name: DESKTOPPCHOME
Current User Name: Cornel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/03 13:24:57 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Cornel\Downloads\OTL.exe
PRC - [2010/02/01 22:03:00 | 000,279,296 | ---- | M] () -- C:\Users\Cornel\AppData\Local\tdltim\tultsftav.exe
PRC - [2010/02/01 22:02:58 | 000,279,296 | ---- | M] () -- C:\Users\Cornel\AppData\Local\ewgyhv\tejisftav.exe
PRC - [2010/01/28 17:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/15 08:44:10 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/12 08:55:52 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/11/19 22:12:14 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/01 18:29:28 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 09:57:14 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/09/15 10:34:16 | 007,218,472 | R--- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/08/15 13:26:26 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2008/06/05 09:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/05/15 08:17:34 | 000,181,544 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
PRC - [2008/01/25 13:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/01/25 13:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files (x86)\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2007/11/19 17:54:04 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/23 01:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 19:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/05/08 19:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/07 05:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2005/02/02 10:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2002/02/14 16:13:22 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\Infinite Mind LC\eyeQ\ARLaunch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/03 13:24:57 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Cornel\Downloads\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,245,824 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
MOD - [2008/07/26 07:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/01/20 21:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/07/26 07:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/07/26 07:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV:64bit: - [2008/05/08 13:16:36 | 000,425,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/20 09:41:56 | 000,036,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2007/10/18 06:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/02 04:25:50 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/14 20:20:30 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/08/28 09:57:14 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/24 07:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/05/28 09:48:33 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9dfa364ced4fd) Google Update Service (gupdate1c9dfa364ced4fd)
SRV - [2009/05/28 09:47:30 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/09/09 05:01:32 | 000,079,144 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2008/07/27 13:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/15 08:17:34 | 000,181,544 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe -- (TeamViewer)
SRV - [2008/05/13 13:30:49 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/05/08 19:34:10 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/05/08 13:08:41 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/02/28 14:31:48 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/27 07:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/12/20 09:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/11/19 17:54:04 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/08/23 01:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/23 01:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/24 14:11:46 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/01/24 14:11:34 | 000,206,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/01/28 16:57:59 | 000,051,280 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/01/28 16:57:40 | 000,120,912 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/01/28 16:54:45 | 000,028,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/01/28 16:54:30 | 000,063,568 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/01/28 16:54:07 | 000,022,096 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/09 11:20:10 | 000,218,056 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/10/02 04:25:36 | 000,087,384 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/08/28 09:58:05 | 000,033,416 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/28 09:57:58 | 000,427,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/07/26 10:26:32 | 000,050,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 10:25:46 | 000,790,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 10:22:32 | 002,624,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 10:22:20 | 000,015,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 07:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2008/07/26 07:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2008/07/24 17:46:08 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/28 14:31:08 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/02/12 06:50:14 | 000,286,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3)
DRV:64bit: - [2008/02/12 06:48:10 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/12 06:47:08 | 001,481,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:04 | 000,098,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2008/01/20 21:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/10/18 06:37:10 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/03 11:18:20 | 000,136,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007/07/12 11:35:44 | 000,381,976 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2007/06/13 08:49:46 | 001,493,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ZS211.sys -- (ZSMC211) ZSMC USB PC Camera (ZS0211)
DRV:64bit: - [2006/06/19 09:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/02/28 14:31:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/19 09:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/24 08:08:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/15 08:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/15 08:44:12 | 000,000,000 | ---D | M]

[2008/06/19 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Cornel\AppData\Roaming\Mozilla\Extensions
[2010/02/03 11:02:38 | 000,000,000 | ---D | M] -- C:\Users\Cornel\AppData\Roaming\Mozilla\Firefox\Profiles\7kklvoj5.default\extensions
[2008/07/23 07:14:50 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\Cornel\AppData\Roaming\Mozilla\Firefox\Profiles\7kklvoj5.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2009/06/22 16:04:33 | 000,000,000 | ---D | M] -- C:\Users\Cornel\AppData\Roaming\Mozilla\Firefox\Profiles\7kklvoj5.default\extensions\moveplayer@movenetworks.com
[2009/10/30 09:28:23 | 000,000,000 | ---D | M] -- C:\Users\Cornel\AppData\Roaming\Mozilla\Firefox\Profiles\7kklvoj5.default\extensions\piclens@cooliris.com
[2009/10/30 09:28:23 | 000,000,000 | ---D | M] -- C:\Users\Cornel\AppData\Roaming\Mozilla\Firefox\Profiles\7kklvoj5.default\extensions\piclens@cooliris.com-trash
[2008/06/19 10:42:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/05 18:58:42 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npEModelPlugin.dll
[2008/10/13 17:51:32 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/02/02 10:01:51 | 000,001,302 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 swp2009.com
O1 - Hosts: 127.0.0.1 spyprotect2009.com
O1 - Hosts: 127.0.0.1 sp-protect2009.com
O1 - Hosts: 127.0.0.1 sys-protection.com
O1 - Hosts: 127.0.0.1 sysguard2009.com
O1 - Hosts: 127.0.0.1 os-protection.com
O1 - Hosts: 127.0.0.1 spy-protect-2009.com
O1 - Hosts: 127.0.0.1 spywprotect.com
O1 - Hosts: 127.0.0.1 adwareguard.net
O1 - Hosts: 127.0.0.1 antivirus-win.com
O1 - Hosts: 127.0.0.1 spywrprotect-2009.com
O1 - Hosts: 127.0.0.1 sysprotect.net
O1 - Hosts: 127.0.0.1 spwprotect2009.com
O1 - Hosts: 127.0.0.1 spy-protec.com
O1 - Hosts: 127.0.0.1 spyware-protector-2009.com
O1 - Hosts: 127.0.0.1 browser-security.microsoft.com
O1 - Hosts: 127.0.0.1 antiwareprotect.com
O1 - Hosts: 127.0.0.1 antivguardian.com
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BTBFirstRun] C:\Program Files (x86)\Hewlett-Packard\SDP\HPRun.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [fgvevnay] C:\Users\Cornel\AppData\Local\tdltim\tultsftav.exe ()
O4 - HKCU..\Run: [ggmdmmjv] C:\Users\Cornel\AppData\Local\ewgyhv\tejisftav.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Users\Cornel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Cornel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk = C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.5 72.240.13.6 72.240.1.205
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/24 05:36:33 | 000,000,025 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/12/01 03:38:11 | 000,000,080 | R--- | M] () - K:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - M:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{9f13eff8-1d28-11dd-863f-001fc62a301a}\Shell - "" = AutoRun
O33 - MountPoints2\{9f13eff8-1d28-11dd-863f-001fc62a301a}\Shell\AutoRun\command - "" = K:\SolidWorks-Tutorial.exe -- [2007/12/30 22:25:24 | 002,690,858 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{b19b8979-083b-11dd-bc75-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b19b8979-083b-11dd-bc75-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2008/11/24 05:36:43 | 002,707,136 | R--- | M] (Research In Motion)
O33 - MountPoints2\{d8f740f9-d445-11de-98ca-001fc62a301a}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f740f9-d445-11de-98ca-001fc62a301a}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/03 10:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/02/02 19:43:49 | 000,000,000 | ---D | C] -- C:\Users\Cornel\AppData\Roaming\PC Tools
[2010/02/02 19:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/02/02 13:03:57 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/02/02 13:03:57 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/02/02 12:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/02 12:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/02 11:44:20 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/02/02 11:44:20 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/02/02 11:44:20 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/02/02 11:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/02/02 11:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/02/02 11:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/02/01 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\Cornel\AppData\Local\tdltim
[2010/02/01 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\Cornel\AppData\Local\ewgyhv
[2010/01/28 14:32:13 | 000,000,000 | ---D | C] -- C:\Users\Cornel\AppData\Roaming\vlc
[2010/01/22 10:06:44 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/01/22 10:06:44 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/01/22 10:06:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/22 10:06:44 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/01/22 10:06:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/01/22 10:06:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/01/22 10:06:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/01/22 10:06:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/01/22 10:06:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/01/22 10:06:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/01/22 10:06:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/22 10:06:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/01/22 10:06:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/01/22 10:06:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/01/22 10:06:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/01/14 18:02:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/14 18:02:57 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[3 C:\Users\Cornel\AppData\Local\*.tmp files -> C:\Users\Cornel\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/03 13:30:49 | 004,194,304 | -HS- | M] () -- C:\Users\Cornel\NTUSER.DAT
[2010/02/03 12:51:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/03 12:36:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/03 12:36:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/03 12:34:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/03 11:59:57 | 000,214,528 | ---- | M] () -- C:\Users\Cornel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 11:00:06 | 000,002,515 | ---- | M] () -- C:\Users\Cornel\Desktop\HiJackThis.lnk
[2010/02/03 09:13:39 | 055,048,281 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/02 22:44:31 | 000,002,617 | ---- | M] () -- C:\Users\Cornel\Desktop\Outlook.lnk
[2010/02/02 22:43:00 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/02 22:43:00 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/02 22:43:00 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/02 22:38:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/02 22:36:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/02 22:36:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/02 22:35:13 | 000,524,288 | -HS- | M] () -- C:\Users\Cornel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/02/02 22:35:13 | 000,065,536 | -HS- | M] () -- C:\Users\Cornel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/02/02 22:35:01 | 003,582,273 | -H-- | M] () -- C:\Users\Cornel\AppData\Local\IconCache.db
[2010/02/02 19:43:56 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/02/02 13:05:00 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/02 13:04:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/02/02 12:50:42 | 000,001,356 | ---- | M] () -- C:\Users\Cornel\AppData\Local\d3d9caps.dat
[2010/02/02 10:08:20 | 000,511,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/29 17:25:42 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010/01/28 17:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/01/28 17:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/01/28 16:57:59 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/01/28 16:57:40 | 000,120,912 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/01/28 16:54:45 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/01/28 16:54:30 | 000,063,568 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/01/28 16:54:07 | 000,022,096 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/01/28 15:35:50 | 001,502,995 | ---- | M] () -- C:\Users\Cornel\Desktop\gasgebi2.wmv
[2010/01/28 15:07:59 | 002,890,688 | ---- | M] () -- C:\Users\Cornel\Desktop\guggi.avi
[2010/01/28 15:03:24 | 000,397,882 | ---- | M] () -- C:\Users\Cornel\Desktop\gag.avi
[2010/01/28 15:01:16 | 002,701,184 | ---- | M] () -- C:\Users\Cornel\Desktop\gaggi.mpg
[2010/01/28 15:01:10 | 000,344,040 | ---- | M] () -- C:\Users\Cornel\Desktop\gassi.mpg
[2010/01/28 14:52:38 | 002,874,896 | ---- | M] () -- C:\Users\Cornel\Desktop\gasgebi.mpg
[2010/01/28 14:31:38 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/25 12:39:00 | 002,345,174 | ---- | M] () -- C:\Users\Cornel\Desktop\RaceOilCooler1-15.stp
[2010/01/19 19:55:42 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[3 C:\Users\Cornel\AppData\Local\*.tmp files -> C:\Users\Cornel\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/03 10:56:07 | 000,002,515 | ---- | C] () -- C:\Users\Cornel\Desktop\HiJackThis.lnk
[2010/02/02 19:44:06 | 000,306,648 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/02/02 19:44:06 | 000,132,048 | ---- | C] () -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/02/02 19:44:06 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/02/02 19:43:56 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/02/02 19:43:54 | 000,092,896 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/02/02 19:43:54 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/02/02 13:05:00 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/02 13:04:59 | 000,120,912 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/02/02 13:04:59 | 000,022,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/02/02 13:04:55 | 000,028,752 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/02/02 13:04:54 | 000,051,280 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/02/02 13:04:52 | 000,063,568 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/02/02 13:04:06 | 000,422,820 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistMSI150F.txt
[2010/02/02 13:04:03 | 000,013,810 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI150F.txt
[2010/02/02 12:47:43 | 000,139,860 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistMSI0888.txt
[2010/02/02 12:47:41 | 000,014,176 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI0888.txt
[2010/02/02 12:43:25 | 000,139,940 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistMSI053A.txt
[2010/02/02 12:43:23 | 000,014,208 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI053A.txt
[2010/02/02 12:37:15 | 000,011,566 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI008C.txt
[2010/02/02 12:36:58 | 000,000,002 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistMSI004E.txt
[2010/02/02 12:36:56 | 000,012,046 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI004E.txt
[2010/02/02 12:36:31 | 000,011,518 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI7FFC.txt
[2010/02/02 12:36:05 | 000,011,582 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI7FA7.txt
[2010/02/02 12:35:55 | 000,011,534 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI7F87.txt
[2010/02/02 12:35:36 | 000,011,470 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI7F49.txt
[2010/02/02 12:34:02 | 000,010,580 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI7E16.txt
[2010/02/02 12:24:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/02/02 11:44:20 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/02/02 11:44:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/02/02 11:44:20 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/02/02 11:44:20 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/02/02 11:44:20 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/02/02 11:44:16 | 000,218,056 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/02/02 11:44:16 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/02/02 11:44:12 | 000,011,440 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI57F2.txt
[2010/02/02 11:44:12 | 000,001,824 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistMSI57F2.txt
[2010/02/02 11:44:11 | 000,011,456 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistUI57EE.txt
[2010/02/02 11:44:11 | 000,001,832 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_vcredistMSI57EE.txt
[2010/01/28 15:35:45 | 001,502,995 | ---- | C] () -- C:\Users\Cornel\Desktop\gasgebi2.wmv
[2010/01/28 15:07:53 | 002,890,688 | ---- | C] () -- C:\Users\Cornel\Desktop\guggi.avi
[2010/01/28 15:03:23 | 000,397,882 | ---- | C] () -- C:\Users\Cornel\Desktop\gag.avi
[2010/01/28 15:01:02 | 002,701,184 | ---- | C] () -- C:\Users\Cornel\Desktop\gaggi.mpg
[2010/01/28 14:58:06 | 000,344,040 | ---- | C] () -- C:\Users\Cornel\Desktop\gassi.mpg
[2010/01/28 14:52:15 | 002,874,896 | ---- | C] () -- C:\Users\Cornel\Desktop\gasgebi.mpg
[2010/01/28 14:31:38 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/25 12:39:00 | 002,345,174 | ---- | C] () -- C:\Users\Cornel\Desktop\RaceOilCooler1-15.stp
[2010/01/22 10:06:47 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/01/22 10:06:46 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/01/22 10:06:45 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/01/22 10:06:44 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/01/22 10:06:44 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/01/22 10:06:44 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/01/22 10:06:44 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/01/22 10:06:43 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/01/22 10:06:43 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/01/22 10:06:43 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/01/22 10:06:43 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/01/22 10:06:43 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/01/22 10:06:43 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/01/22 10:06:43 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/01/22 10:06:43 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/01/22 10:06:43 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/01/22 10:06:43 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/01/22 10:06:42 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/01/22 10:06:42 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/01/22 10:06:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/01/20 08:43:58 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/01/19 19:58:47 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/01/19 19:58:47 | 000,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/01/14 18:02:57 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/01/14 18:02:57 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2009/09/14 20:27:15 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009/09/04 11:48:46 | 000,000,600 | ---- | C] () -- C:\Users\Cornel\AppData\Local\PUTTY.RND
[2009/09/03 13:37:49 | 000,007,149 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_depcheck_NETFX20_EXP_35.txt
[2009/09/03 13:37:47 | 000,031,614 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_dotnetfx20install.txt
[2009/09/03 13:37:47 | 000,000,754 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_dotnetfx20error.txt
[2009/09/03 12:55:27 | 000,005,108 | ---- | C] () -- C:\Users\Cornel\AppData\Local\setup.log
[2009/09/03 12:54:11 | 002,531,226 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_NET_Framework35_x64_MSI294B.txt
[2009/06/19 13:36:28 | 000,069,339 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/06/19 13:36:18 | 000,000,596 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_dotnetfx3error.txt
[2009/06/19 13:36:17 | 000,057,338 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_dotnetfx3install.txt
[2009/03/18 18:23:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Services
[2009/03/18 18:23:05 | 000,000,268 | RH-- | C] () -- C:\Users\Cornel\AppData\Roaming\Sci-Fi
[2009/03/18 18:23:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLer.DAT
[2009/03/18 13:31:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sampler Instruments
[2009/03/18 13:31:28 | 000,000,268 | RH-- | C] () -- C:\Users\Cornel\AppData\Roaming\Rule Actions
[2009/03/18 13:31:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/09/16 05:09:27 | 000,001,356 | ---- | C] () -- C:\Users\Cornel\AppData\Local\d3d9caps.dat
[2008/07/16 09:43:36 | 000,000,310 | ---- | C] () -- C:\Users\Cornel\AppData\Roaming\APUSet.xml
[2008/07/16 09:43:35 | 000,006,045 | ---- | C] () -- C:\Users\Cornel\AppData\Roaming\PrimoPDFSet.xml
[2008/06/05 20:05:28 | 000,039,776 | ---- | C] () -- C:\Windows\SysWow64\drivers\STREAM.SYS
[2008/06/05 19:06:33 | 000,002,508 | ---- | C] () -- C:\Windows\unvpeye.ini
[2008/05/16 09:27:25 | 000,214,528 | ---- | C] () -- C:\Users\Cornel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/13 20:01:29 | 000,027,841 | ---- | C] () -- C:\Users\Cornel\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/05/12 07:05:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/09 07:24:14 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/05/08 16:36:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/08 15:03:32 | 001,880,288 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_NET_Framework35_x64_MSI220F.txt
[2008/05/08 15:03:06 | 000,356,859 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/05/08 15:03:03 | 000,479,270 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_dotnetfx35install.txt
[2008/05/08 15:03:03 | 000,025,264 | ---- | C] () -- C:\Users\Cornel\AppData\Local\uxeventlog.txt
[2008/05/08 15:03:03 | 000,000,002 | ---- | C] () -- C:\Users\Cornel\AppData\Local\dd_dotnetfx35error.txt
[2008/05/08 13:18:32 | 000,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2008/04/28 11:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/02/28 14:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2008/02/22 16:11:39 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/22 16:04:04 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/02/22 16:04:04 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002/05/27 20:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll
[2001/06/24 04:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Re: Bankerfox.A
Hello.

I see that you are running BitLord.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

You are also running two antivirus programs: I see from the uninstall list that you have Avast installed, along with AVG. This is a bad idea, as they can conflict and cause more problems. I would recommend that you remove AVG to avoid conflict and other future problems.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    AVG Free 8.5
    BitLord 1.1

  • Click on the Uninstall/Change button at the top.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/02/01 22:03:00 | 000,279,296 | ---- | M] () -- C:\Users\Cornel\AppData\Local\tdltim\tultsftav.exe
    PRC - [2010/02/01 22:02:58 | 000,279,296 | ---- | M] () -- C:\Users\Cornel\AppData\Local\ewgyhv\tejisftav.exe
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [fgvevnay] C:\Users\Cornel\AppData\Local\tdltim\tultsftav.exe ()
    O4 - HKCU..\Run: [ggmdmmjv] C:\Users\Cornel\AppData\Local\ewgyhv\tejisftav.exe ()
    O32 - AutoRun File - [2008/11/24 05:36:33 | 000,000,025 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2006/12/01 03:38:11 | 000,000,080 | R--- | M] () - K:\AUTORUN.INF -- [ UDF ]
    O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - M:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{9f13eff8-1d28-11dd-863f-001fc62a301a}\Shell - "" = AutoRun
    O33 - MountPoints2\{9f13eff8-1d28-11dd-863f-001fc62a301a}\Shell\AutoRun\command - "" = K:\SolidWorks-Tutorial.exe -- [2007/12/30 22:25:24 | 002,690,858 | R--- | M] (Macromedia, Inc.)
    O33 - MountPoints2\{b19b8979-083b-11dd-bc75-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b19b8979-083b-11dd-bc75-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2008/11/24 05:36:43 | 002,707,136 | R--- | M] (Research In Motion)
    O33 - MountPoints2\{d8f740f9-d445-11de-98ca-001fc62a301a}\Shell - "" = AutoRun
    O33 - MountPoints2\{d8f740f9-d445-11de-98ca-001fc62a301a}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2010/02/01 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\Cornel\AppData\Local\tdltim
    [2010/02/01 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\Cornel\AppData\Local\ewgyhv


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Re: Bankerfox.A
Thanks for your quick response! Here's the log. I had to restart the computer.... What do you think?

========== OTL ==========
Process tultsftav.exe killed successfully!
Process tejisftav.exe killed successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fgvevnay deleted successfully.
C:\Users\Cornel\AppData\Local\tdltim\tultsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ggmdmmjv deleted successfully.
C:\Users\Cornel\AppData\Local\ewgyhv\tejisftav.exe moved successfully.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
File move failed. K:\AUTORUN.INF scheduled to be moved on reboot.
M:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f13eff8-1d28-11dd-863f-001fc62a301a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f13eff8-1d28-11dd-863f-001fc62a301a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f13eff8-1d28-11dd-863f-001fc62a301a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f13eff8-1d28-11dd-863f-001fc62a301a}\ not found.
File move failed. K:\SolidWorks-Tutorial.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b19b8979-083b-11dd-bc75-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b19b8979-083b-11dd-bc75-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b19b8979-083b-11dd-bc75-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b19b8979-083b-11dd-bc75-806e6f6e6963}\ not found.
File move failed. F:\start.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8f740f9-d445-11de-98ca-001fc62a301a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8f740f9-d445-11de-98ca-001fc62a301a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8f740f9-d445-11de-98ca-001fc62a301a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8f740f9-d445-11de-98ca-001fc62a301a}\ not found.
File P:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\Cornel\AppData\Local\tdltim folder moved successfully.
C:\Users\Cornel\AppData\Local\ewgyhv folder moved successfully.

Re: Bankerfox.A

Please download USBNoRisk to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for the initial scan to finish.
  2. Connect all of your USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds.
  3. If there are more USB storage devices to scan, please make a note of the order in which they were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Re: Bankerfox.A

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 2/3/2010 9:34:07 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
M: {2b3c97e9-1d43-11dd-b43c-001fc62a301a}
C: {b19b8971-083b-11dd-bc75-806e6f6e6963}
D: {b19b8974-083b-11dd-bc75-806e6f6e6963}
E: {b19b8975-083b-11dd-bc75-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for b19b8971-083b-11dd-bc75-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for b19b8974-083b-11dd-bc75-806e6f6e6963
----------------------------------------
Desktop.ini found at D:\boot\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
;ShellvRTFs class ID
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
;Any file containing icons, if you don't want to use the internal icons
;IconFile="%systemroot%\system32\shell32.dll"
;The icon index in "IconFile"
;IconIndex=32

[ShellvRTF]
;Path to the RTF to be displayed in the Shell View
RTFPath="protect.ed"
;Icon index for diplaying internal icons
; 0="protected" icon, 1="Drive" icon, 2="Partition" icon
IconIndex=1
;Executable to start if a user double clicks on the folder
; Execute="HKLM:\Software\SoftThinks\Image ST:Exe"
;Parameters for the executable
; ExecParams="%0\Image.STI"
;The Infotip option can be
;-A String from this file
;-A String from the registry
;-A String from above that resolves to a valid file on disk containing
; the string to be displayed (non UNICODE Text files are converted
; to UNICODE using the system ANSI code page)
; Infotip="HKLM:\Software\SoftThinks\Image ST:InfoTip"

;String expansion:
;%0 ...DeskTop.INI path
;HKLM:\

: ...HKEY_LOCAL_MACHINE\

:
;HKCU:\

: ...HKEY_CURRENT_USER\

:
;HKCR:\

: ...HKEY_CLASSES_ROOT\

:
;HKCC:\

: ...HKEY_CURRENT_CONFIG\

:
;HKU:\

: ...HKEY_USERS\

:
;%% ...variable in environment (for a list, type "set" in cmd)
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\hp\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
;ShellvRTFs class ID
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
;Any file containing icons, if you don't want to use the internal icons
;IconFile="%systemroot%\system32\shell32.dll"
;The icon index in "IconFile"
;IconIndex=32

[ShellvRTF]
;Path to the RTF to be displayed in the Shell View
RTFPath="protect.ed"
;Icon index for diplaying internal icons
; 0="protected" icon, 1="Drive" icon, 2="Partition" icon
IconIndex=1
;Executable to start if a user double clicks on the folder
; Execute="HKLM:\Software\SoftThinks\Image ST:Exe"
;Parameters for the executable
; ExecParams="%0\Image.STI"
;The Infotip option can be
;-A String from this file
;-A String from the registry
;-A String from above that resolves to a valid file on disk containing
; the string to be displayed (non UNICODE Text files are converted
; to UNICODE using the system ANSI code page)
; Infotip="HKLM:\Software\SoftThinks\Image ST:InfoTip"

;String expansion:
;%0 ...DeskTop.INI path
;HKLM:\

: ...HKEY_LOCAL_MACHINE\

:
;HKCU:\

: ...HKEY_CURRENT_USER\

:
;HKCR:\

: ...HKEY_CLASSES_ROOT\

:
;HKCC:\

: ...HKEY_CURRENT_CONFIG\

:
;HKU:\

: ...HKEY_USERS\

:
;%% ...variable in environment (for a list, type "set" in cmd)
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\PRELOAD\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
;ShellvRTFs class ID
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
;Any file containing icons, if you don't want to use the internal icons
;IconFile="%systemroot%\system32\shell32.dll"
;The icon index in "IconFile"
;IconIndex=32

[ShellvRTF]
;Path to the RTF to be displayed in the Shell View
RTFPath="protect.ed"
;Icon index for diplaying internal icons
; 0="protected" icon, 1="Drive" icon, 2="Partition" icon
IconIndex=1
;Executable to start if a user double clicks on the folder
; Execute="HKLM:\Software\SoftThinks\Image ST:Exe"
;Parameters for the executable
; ExecParams="%0\Image.STI"
;The Infotip option can be
;-A String from this file
;-A String from the registry
;-A String from above that resolves to a valid file on disk containing
; the string to be displayed (non UNICODE Text files are converted
; to UNICODE using the system ANSI code page)
; Infotip="HKLM:\Software\SoftThinks\Image ST:InfoTip"

;String expansion:
;%0 ...DeskTop.INI path
;HKLM:\

: ...HKEY_LOCAL_MACHINE\

:
;HKCU:\

: ...HKEY_CURRENT_USER\

:
;HKCR:\

: ...HKEY_CLASSES_ROOT\

:
;HKCC:\

: ...HKEY_CURRENT_CONFIG\

:
;HKU:\

: ...HKEY_USERS\

:
;%% ...variable in environment (for a list, type "set" in cmd)
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\RECOVERY\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
;ShellvRTFs class ID
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
;Any file containing icons, if you don't want to use the internal icons
;IconFile="%systemroot%\system32\shell32.dll"
;The icon index in "IconFile"
;IconIndex=32

[ShellvRTF]
;Path to the RTF to be displayed in the Shell View
RTFPath="protect.ed"
;Icon index for diplaying internal icons
; 0="protected" icon, 1="Drive" icon, 2="Partition" icon
IconIndex=1
;Executable to start if a user double clicks on the folder
; Execute="HKLM:\Software\SoftThinks\Image ST:Exe"
;Parameters for the executable
; ExecParams="%0\Image.STI"
;The Infotip option can be
;-A String from this file
;-A String from the registry
;-A String from above that resolves to a valid file on disk containing
; the string to be displayed (non UNICODE Text files are converted
; to UNICODE using the system ANSI code page)
; Infotip="HKLM:\Software\SoftThinks\Image ST:InfoTip"

;String expansion:
;%0 ...DeskTop.INI path
;HKLM:\

: ...HKEY_LOCAL_MACHINE\

:
;HKCU:\

: ...HKEY_CURRENT_USER\

:
;HKCR:\

: ...HKEY_CLASSES_ROOT\

:
;HKCC:\

: ...HKEY_CURRENT_CONFIG\

:
;HKU:\

: ...HKEY_USERS\

:
;%% ...variable in environment (for a list, type "set" in cmd)
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\SOURCES\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
;ShellvRTFs class ID
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
;Any file containing icons, if you don't want to use the internal icons
;IconFile="%systemroot%\system32\shell32.dll"
;The icon index in "IconFile"
;IconIndex=32

[ShellvRTF]
;Path to the RTF to be displayed in the Shell View
RTFPath="protect.ed"
;Icon index for diplaying internal icons
; 0="protected" icon, 1="Drive" icon, 2="Partition" icon
IconIndex=1
;Executable to start if a user double clicks on the folder
; Execute="HKLM:\Software\SoftThinks\Image ST:Exe"
;Parameters for the executable
; ExecParams="%0\Image.STI"
;The Infotip option can be
;-A String from this file
;-A String from the registry
;-A String from above that resolves to a valid file on disk containing
; the string to be displayed (non UNICODE Text files are converted
; to UNICODE using the system ANSI code page)
; Infotip="HKLM:\Software\SoftThinks\Image ST:InfoTip"

;String expansion:
;%0 ...DeskTop.INI path
;HKLM:\

: ...HKEY_LOCAL_MACHINE\

:
;HKCU:\

: ...HKEY_CURRENT_USER\

:
;HKCR:\

: ...HKEY_CLASSES_ROOT\

:
;HKCC:\

: ...HKEY_CURRENT_CONFIG\

:
;HKU:\

: ...HKEY_USERS\

:
;%% ...variable in environment (for a list, type "set" in cmd)
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\Windows\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
;ShellvRTFs class ID
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
;Any file containing icons, if you don't want to use the internal icons
;IconFile="%systemroot%\system32\shell32.dll"
;The icon index in "IconFile"
;IconIndex=32

[ShellvRTF]
;Path to the RTF to be displayed in the Shell View
RTFPath="protect.ed"
;Icon index for diplaying internal icons
; 0="protected" icon, 1="Drive" icon, 2="Partition" icon
IconIndex=1
;Executable to start if a user double clicks on the folder
; Execute="HKLM:\Software\SoftThinks\Image ST:Exe"
;Parameters for the executable
; ExecParams="%0\Image.STI"
;The Infotip option can be
;-A String from this file
;-A String from the registry
;-A String from above that resolves to a valid file on disk containing
; the string to be displayed (non UNICODE Text files are converted
; to UNICODE using the system ANSI code page)
; Infotip="HKLM:\Software\SoftThinks\Image ST:InfoTip"

;String expansion:
;%0 ...DeskTop.INI path
;HKLM:\

: ...HKEY_LOCAL_MACHINE\

:
;HKCU:\

: ...HKEY_CURRENT_USER\

:
;HKCR:\

: ...HKEY_CLASSES_ROOT\

:
;HKCC:\

: ...HKEY_CURRENT_CONFIG\

:
;HKU:\

: ...HKEY_USERS\

:
;%% ...variable in environment (for a list, type "set" in cmd)
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
;ShellvRTFs class ID
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
;Any file containing icons, if you don't want to use the internal icons
;IconFile="%systemroot%\system32\shell32.dll"
;The icon index in "IconFile"
;IconIndex=32

[ShellvRTF]
;Path to the RTF to be displayed in the Shell View
RTFPath="protect.ed"
;Icon index for diplaying internal icons
; 0="protected" icon, 1="Drive" icon, 2="Partition" icon
IconIndex=1
;Executable to start if a user double clicks on the folder
; Execute="HKLM:\Software\SoftThinks\Image ST:Exe"
;Parameters for the executable
; ExecParams="%0\Image.STI"
;The Infotip option can be
;-A String from this file
;-A String from the registry
;-A String from above that resolves to a valid file on disk containing
; the string to be displayed (non UNICODE Text files are converted
; to UNICODE using the system ANSI code page)
; Infotip="HKLM:\Software\SoftThinks\Image ST:InfoTip"

;String expansion:
;%0 ...DeskTop.INI path
;HKLM:\

: ...HKEY_LOCAL_MACHINE\

:
;HKCU:\

: ...HKEY_CURRENT_USER\

:
;HKCR:\

: ...HKEY_CLASSES_ROOT\

:
;HKCC:\

: ...HKEY_CURRENT_CONFIG\

:
;HKU:\

: ...HKEY_USERS\

:
;%% ...variable in environment (for a list, type "set" in cmd)
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\SysWOW64\ShellvRTF.dll
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for b19b8975-083b-11dd-bc75-806e6f6e6963
No Desktop.ini files found on E:
----------------------------------------

No blocked files found on M:
No Autorun.inf files found on M:
No mountpoint found for M:
Sanitized mountpoint for 2b3c97e9-1d43-11dd-b43c-001fc62a301a
----------------------------------------
Desktop.ini found at M:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files (x86)\TuneUp Utilities 2008\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files (x86)\TuneUp Utilities 2008\Undelete.exe"
----------------------------------------
Desktop.ini found at M:\$RECYCLE.BIN\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files (x86)\TuneUp Utilities 2008\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files (x86)\TuneUp Utilities 2008\Undelete.exe"
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed M:
========================================


New device connected at 2/3/2010 9:36:50 PM

Scanning for connected USB mass storage...
----------------------------------------
M: {dc1291ff-ee34-11de-a4b3-001fc62a301a}
Added M:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on M:
----------------------------------------
No Autorun.inf files found on M:
Sanitized mountpoint for dc1291ff-ee34-11de-a4b3-001fc62a301a
----------------------------------------

No Desktop.ini files found on M:
----------------------------------------

No mimics found on drive M:
========================================

========================================
Removed M:
========================================


New device connected at 2/3/2010 9:37:35 PM

Scanning for connected removable storage...
----------------------------------------
G: {b19b8980-083b-11dd-bc75-806e6f6e6963}
Added G:
========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for b19b8980-083b-11dd-bc75-806e6f6e6963
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 2/3/2010 9:38:06 PM

Scanning for connected removable storage...
----------------------------------------
G: {b19b8980-083b-11dd-bc75-806e6f6e6963}
Added G:
========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for b19b8980-083b-11dd-bc75-806e6f6e6963
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 2/3/2010 9:38:37 PM

Scanning for connected removable storage...
----------------------------------------
G: {b19b8980-083b-11dd-bc75-806e6f6e6963}
Added G:
========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for b19b8980-083b-11dd-bc75-806e6f6e6963
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 2/3/2010 9:42:36 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 2/3/2010 9:42:36 PM

Scanning for connected USB mass storage...
----------------------------------------
Q: {d8f740f6-d445-11de-98ca-001fc62a301a}
Added Q:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on Q:
----------------------------------------
No Autorun.inf files found on Q:
Sanitized mountpoint for d8f740f6-d445-11de-98ca-001fc62a301a
----------------------------------------

No Desktop.ini files found on Q:
----------------------------------------

No mimics found on drive Q:
========================================



New device connected at 2/3/2010 9:42:37 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on Q:
----------------------------------------
No Autorun.inf files found on Q:
No mountpoint found for d8f740f6-d445-11de-98ca-001fc62a301a
----------------------------------------

No Desktop.ini files found on Q:
----------------------------------------

No mimics found on drive Q:
========================================

========================================
Removed Q:
========================================
========================================

========================================

Re: Bankerfox.A

Hello.
What is the F:\ and K:\ drive?

Re: Bankerfox.A

F: is my DVD drive, it contains a Blackberry Software CD right now and K: is a mounted drive with a Solidworks Tutorial. Hope this helps...

Re: Bankerfox.A

Well, that explains why the autorun file didn't want to go away.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Re: Bankerfox.A

All right! I did as you said and rebooted. The Bankerfox madness is gone and Avast appears to run normally; however, when I run a scan with my newly installed PC Tools Spyware Doctor I am told that I have 4 threats and 102 infections on my computer. But that might have been the case before and is not really a problem? In any case, it seems that I can work normally again and thank you dearly for all your help!

Re: Bankerfox.A

Lies. They are saying that to get you to buy their product, then when you buy it, no threats are found.

My recommendation? Get rid of Spyware Doctor.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Bankerfox.A

Malwarebytes' Anti-Malware 1.44
Database version: 3693
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/5/2010 12:19:25 PM
mbam-log-2010-02-05 (12-19-25).txt

Scan type: Quick Scan
Objects scanned: 103524
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Cornel\AppData\Local\Temp\ajosnu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Cornel\AppData\Local\Temp\sfkqci.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Re: Bankerfox.A

Hello.

How is the machine running now?

Re: Bankerfox.A

As good as new. Thank you for your help. This was a great experience!

Re: Bankerfox.A

Okay, this should be fine now.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
