Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

metropolitan police ukash trojan [Solved]

Started by th0mh , Apr 17 2012 11:43 AM

This topic is locked

#16
th0mh

Posted 17 April 2012 - 02:55 PM

Member

Topic Starter
Member
32 posts

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 16-04-2012
Ran by SYSTEM at 2012-04-18 00:03:39 R:1
Running from I:\

==============================================

HKEY_USERS\Thom\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\Thom\...\Run: [] C:\Users\Thom\AppData\Roaming\.exe [x] Value not found.
HKEY_USERS\Thom\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
HKEY_USERS\Thom\Software\Microsoft\Windows\CurrentVersion\Run\\5kS43ADO0bzprWo Value deleted successfully.
HKEY_USERS\Thom\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools Value deleted successfully.
HKEY_USERS\Thom\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit Value deleted successfully.
HKEY_USERS\Thom\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\Thom\AppData\Roaming\soundblaster_fx648.exe moved successfully.
C:\Program Files\Free Offers from Freeze.com moved successfully.

==== End of Fixlog ====

OTL logfile created on: 4/18/2012 1:45:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = F:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.52% Memory free
6.00 Gb Paging File | 4.95 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585.88 Gb Total Space | 103.92 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive D: | 10.29 Gb Total Space | 10.20 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 3.46 Gb Free Space | 92.13% Space Free | Partition Type: FAT32

Computer Name: THOM-PC | User Name: Thom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 22:43:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/03/28 09:37:30 | 001,102,336 | ---- | M] (SystemSecurityGuard.com) -- C:\Program Files\System Security Guard\SystemSecurityGuardTray.exe
PRC - [2012/03/22 11:12:42 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/03/09 14:21:40 | 000,558,728 | ---- | M] (systemsecurityguard.com) -- C:\Program Files\System Security Guard\SSGService.exe
PRC - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/01/26 18:48:40 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/11/03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/11/03 20:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/02 12:13:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2010/11/25 11:24:58 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files\Logitech\G35\G35.exe
PRC - [2010/09/23 12:27:30 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/21 11:07:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 13:02:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:02:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:01:38 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/07/14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

========== Modules (No Company Name) ==========

MOD - [2012/03/22 11:12:42 | 020,297,512 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/03/22 11:12:41 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/03/22 11:12:41 | 000,907,048 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/03/22 11:12:41 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/03/22 11:12:41 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/05 11:06:04 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/22 11:12:42 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/09 14:21:40 | 000,558,728 | ---- | M] (systemsecurityguard.com) [On_Demand | Running] -- C:\Program Files\System Security Guard\SSGService.exe -- (SSGHelpService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/07/21 11:07:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 13:02:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/02 23:30:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/03/29 13:32:54 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/02/25 14:18:03 | 000,009,906 | ---- | M] (TamoSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2011/09/13 10:00:40 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/06 12:17:22 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/29 12:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfSBVMi386.sys -- (LADF_SBVM)
DRV - [2010/09/29 12:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfDHP2i386.sys -- (LADF_DHP2)
DRV - [2010/07/16 13:01:39 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010/06/25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2680363

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/iat/us_nl.aspx
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F CB 28 CF 34 E7 CA 01 [binary data]
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware...uicksearch.aspx
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2680363
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 11:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011/03/02 17:25:34 | 000,000,000 | ---D | M]

[2011/10/27 18:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thom\AppData\Roaming\Mozilla\Extensions
[2012/01/05 22:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\vjliljmk.default\extensions
[2012/01/02 12:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/13 15:13:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/02 17:25:34 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
() (No name found) -- C:\USERS\THOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJLILJMK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\THOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJLILJMK.DEFAULT\EXTENSIONS\[email protected]
[2012/03/18 11:11:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 02:35:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:16:03 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/09/29 03:16:03 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/09/29 03:16:03 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\Toolbar\WebBrowser: (RuneScape Toolbar) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000..\Run: [] C:\Users\Thom\AppData\Roaming\.exe File not found
O4 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000..\Run: [SystemSecurityGuardAutoStart] C:\Program Files\System Security Guard\SystemSecurityGuardTray.exe (SystemSecurityGuard.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2243041973-16635593-2241794628-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUpldnl-nl.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33EF78E5-0F95-4A7B-B8CF-ECF2593ADDC0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0af07fb0-7970-11e1-b5f8-00221534530d}\Shell - "" = AutoRun
O33 - MountPoints2\{0af07fb0-7970-11e1-b5f8-00221534530d}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 04:46:36 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/18 01:29:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/13 15:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/13 15:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/13 00:41:50 | 000,000,000 | ---D | C] -- C:\dd948e71af1aa86fab95b1d57304
[2012/04/12 22:45:11 | 000,000,000 | ---D | C] -- C:\Users\Thom\.Dharoks_v4
[2012/04/10 18:53:11 | 000,000,000 | ---D | C] -- C:\Users\Thom\Desktop\Cd
[2012/04/07 21:58:40 | 000,000,000 | ---D | C] -- C:\.soulsplit
[2012/04/06 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\SystemSecurityGuard
[2012/04/06 16:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Security Guard
[2012/04/06 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\System Security Guard
[2012/04/06 16:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemSecurityGuard
[2012/03/31 00:09:30 | 000,000,000 | ---D | C] -- C:\Users\Thom\Documents\Games for Windows - LIVE Demos
[2012/03/30 16:49:07 | 000,000,000 | ---D | C] -- C:\Users\Thom\Documents\WB Games
[2012/03/30 16:47:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2012/03/30 16:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/03/30 16:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2012/03/29 20:44:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/03/29 20:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/03/29 20:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/03/29 20:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/03/29 20:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/29 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\Thom\Documents\Battlefield 3
[2012/03/29 20:06:37 | 000,000,000 | ---D | C] -- C:\Users\Thom\Desktop\BF3
[2012/03/29 14:43:31 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Local\WB Games
[2012/03/29 14:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowblind Studios
[2012/03/29 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Snowblind Studios
[2012/03/29 13:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/03/29 13:32:54 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/03/29 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/03/29 13:32:19 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\DAEMON Tools Lite
[2012/03/29 13:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/03/27 18:15:42 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\wargaming.net
[2012/03/27 18:15:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/03/27 18:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012/03/27 18:15:23 | 000,000,000 | ---D | C] -- C:\Games
[2012/03/25 15:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/25 15:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 01:46:45 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/18 01:46:45 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/18 01:43:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 01:43:36 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 00:22:48 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 00:22:47 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 17:52:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/17 17:02:18 | 000,000,046 | ---- | M] () -- C:\Users\Thom\jagex_runescape_preferences.dat
[2012/04/17 16:54:45 | 000,000,129 | ---- | M] () -- C:\Users\Thom\jagex_runescape_preferences2.dat
[2012/04/16 21:40:39 | 000,000,032 | ---- | M] () -- C:\Users\Thom\jagex_cl_runescape_LIVE.dat
[2012/04/14 09:50:18 | 094,907,670 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/04/13 15:13:28 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/06 16:31:01 | 000,001,135 | ---- | M] () -- C:\Users\Thom\Application Data\Microsoft\Internet Explorer\Quick Launch\System Security Guard.lnk
[2012/04/06 16:31:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\System Security Guard.lnk
[2012/03/30 10:28:20 | 003,622,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/29 14:38:02 | 000,001,331 | ---- | M] () -- C:\Users\Public\Desktop\Lord of the Rings - War in the North.lnk
[2012/03/29 13:34:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/03/29 13:32:54 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/03/27 18:15:25 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012/03/20 19:08:39 | 000,000,044 | ---- | M] () -- C:\Users\Thom\jagex_cl_runescape_LIVE1.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/06 16:31:01 | 000,001,135 | ---- | C] () -- C:\Users\Thom\Application Data\Microsoft\Internet Explorer\Quick Launch\System Security Guard.lnk
[2012/04/06 16:31:01 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\System Security Guard.lnk
[2012/04/05 10:15:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 16:47:00 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/03/29 14:38:02 | 000,001,331 | ---- | C] () -- C:\Users\Public\Desktop\Lord of the Rings - War in the North.lnk
[2012/03/29 13:34:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/03/27 18:15:25 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2011/10/20 03:31:20 | 000,000,007 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBuddy Login.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/15 18:44:23 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 23:01:25 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/20 23:00:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/17 17:54:35 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/13 18:50:55 | 000,000,063 | ---- | C] () -- C:\ProgramData\anwblog2010.cfg
[2011/06/10 17:25:35 | 000,000,298 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBuddy_ipsych0.ini
[2011/05/18 16:46:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/05/16 17:31:51 | 000,000,590 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBuddy_th0mh.ini
[2010/12/28 18:23:19 | 000,000,020 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\ArbiAuth.ini
[2010/10/21 16:44:22 | 000,000,097 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBot_Accounts.ini
[2010/09/29 12:34:38 | 000,075,096 | ---- | C] () -- C:\Windows\System32\LADFCoinst_i386.dll
[2010/08/13 17:21:24 | 000,000,170 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBot Accounts.ini
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/05/04 15:19:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/03 18:24:23 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/05/03 18:24:23 | 000,138,056 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\PnkBstrK.sys
[2010/05/03 18:23:57 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/05/03 18:23:56 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/05/03 18:23:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/04/29 02:47:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/05/06 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\.maltego
[2012/04/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Azureus
[2011/05/05 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Belastingdienst
[2012/03/29 13:35:43 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\DAEMON Tools Lite
[2011/01/04 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Dropbox
[2011/06/11 00:13:31 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Easy Macro Recorder
[2012/02/14 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\EpicBot
[2011/11/17 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Leadertech
[2010/07/11 19:33:10 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\LimeWirePlus
[2011/06/18 23:44:32 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\LolClient
[2011/06/11 00:14:27 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Macro Recorder
[2011/08/02 12:51:03 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Mouse Recorder Pro
[2012/02/16 01:23:04 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Notepad++
[2012/03/29 20:31:30 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Origin
[2011/11/20 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Publish Providers
[2011/01/28 23:44:34 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Raptr
[2011/11/20 20:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Sony
[2012/04/11 17:58:09 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Spotify
[2012/04/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\SystemSecurityGuard
[2012/04/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\TS3Client
[2012/03/14 15:01:28 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\TuneUpMedia
[2011/03/02 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Uniblue
[2012/03/27 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\wargaming.net
[2011/02/21 20:11:59 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Wireshark
[2012/02/03 13:35:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: THOM-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 J DVD-ROM 0 B No Media
Volume 2 C NTFS Partition 585 GB Healthy System
Volume 3 D NTFS Partition 10 GB Healthy
Volume 4 G Removable 0 B No Media
Volume 5 H Removable 0 B No Media
Volume 6 I Removable 0 B No Media
Volume 7 K Removable 0 B No Media
Volume 8 F FAT32 Removable 3853 MB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD}
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}

< End of report >

These are both the logs. 1 small thing i dont have any icons on my desktop shown no more will this change ?

#17
th0mh

Posted 17 April 2012 - 03:23 PM

Member

Topic Starter
Member
32 posts

Are there anymore steps i need to follow or can i connect it to internet again?

#18
Essexboy

Posted 17 April 2012 - 03:28 PM

GeekU Moderator

Retired Staff
69,964 posts

Last one of these I had, had 3 different infections. On completion of this try the net and let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - HKU\S-1-5-21-2243041973-16635593-2241794628-1000..\Run: [] C:\Users\Thom\AppData\Roaming\.exe File not found

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

FINALLY

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#19
th0mh

Posted 17 April 2012 - 03:42 PM

Member

Topic Starter
Member
32 posts

In 5 minutes I got all the logs but before that i just want to thank you so far for putting so much time and effort into me. I wish everyone was like this thanks

#20
Essexboy

Posted 17 April 2012 - 03:47 PM

GeekU Moderator

Retired Staff
69,964 posts

I will be going off line in a few minutes

But you should be good to go online.

Could you let me know what problems remain on completion

Back in the morning

#21
th0mh

Posted 17 April 2012 - 03:50 PM

Member

Topic Starter
Member
32 posts

Okay well thanks for todays help. I only had a problem with the roguekiller it would ask for a cd but then it would give a few errors i had to skip.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 02:47:54
-----------------------------
02:47:54.280 OS Version: Windows 6.1.7601 Service Pack 1
02:47:54.280 Number of processors: 4 586 0xF0B
02:47:54.280 ComputerName: THOM-PC UserName: Thom
02:47:55.716 Initialize success
02:48:24.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:48:24.542 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
02:48:24.542 Disk 0 MBR read successfully
02:48:24.542 Disk 0 MBR scan
02:48:24.542 Disk 0 Windows 7 default MBR code
02:48:24.557 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 599943 MB offset 63
02:48:24.589 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10534 MB offset 1228683330
02:48:24.589 Disk 0 scanning sectors +1250258625
02:48:24.635 Disk 0 scanning C:\Windows\system32\drivers
02:48:29.846 Service scanning
02:48:41.437 Modules scanning
02:48:47.536 Disk 0 trace - called modules:
02:48:47.552 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
02:48:47.567 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8697b4f8]
02:48:47.567 3 CLASSPNP.SYS[8b6f759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b0c028]
02:48:47.567 Scan finished successfully
02:49:08.206 Disk 0 MBR has been saved successfully to "F:\Scans\MBR.dat"
02:49:08.237 The log file has been saved successfully to "F:\Scans\aswMBR.txt"

-----------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 4/18/2012 2:34:26 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = F:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.63% Memory free
6.00 Gb Paging File | 5.02 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585.88 Gb Total Space | 103.08 Gb Free Space | 17.59% Space Free | Partition Type: NTFS
Drive D: | 10.29 Gb Total Space | 10.20 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 3.45 Gb Free Space | 91.98% Space Free | Partition Type: FAT32

Computer Name: THOM-PC | User Name: Thom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 22:43:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/03/28 09:37:30 | 001,102,336 | ---- | M] (SystemSecurityGuard.com) -- C:\Program Files\System Security Guard\SystemSecurityGuardTray.exe
PRC - [2012/03/22 11:12:42 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/03/09 14:21:40 | 000,558,728 | ---- | M] (systemsecurityguard.com) -- C:\Program Files\System Security Guard\SSGService.exe
PRC - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/01/26 18:48:40 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/11/03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/11/03 20:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/02 12:13:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/02/20 20:23:59 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/11/25 11:24:58 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files\Logitech\G35\G35.exe
PRC - [2010/09/23 12:27:30 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/21 11:07:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 13:02:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:02:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:01:38 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/07/14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/22 11:12:42 | 020,297,512 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/03/22 11:12:41 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/03/22 11:12:41 | 000,907,048 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/03/22 11:12:41 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/03/22 11:12:41 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/05 11:06:04 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/22 11:12:42 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/09 14:21:40 | 000,558,728 | ---- | M] (systemsecurityguard.com) [On_Demand | Running] -- C:\Program Files\System Security Guard\SSGService.exe -- (SSGHelpService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/07/21 11:07:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 13:02:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/02 23:30:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/03/29 13:32:54 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/02/25 14:18:03 | 000,009,906 | ---- | M] (TamoSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2011/09/13 10:00:40 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/06 12:17:22 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/29 12:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfSBVMi386.sys -- (LADF_SBVM)
DRV - [2010/09/29 12:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfDHP2i386.sys -- (LADF_DHP2)
DRV - [2010/07/16 13:01:39 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010/06/25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2680363

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/iat/us_nl.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F CB 28 CF 34 E7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware...uicksearch.aspx
IE - HKCU\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2680363
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 11:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011/03/02 17:25:34 | 000,000,000 | ---D | M]

[2011/10/27 18:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thom\AppData\Roaming\Mozilla\Extensions
[2012/01/05 22:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\vjliljmk.default\extensions
[2012/01/02 12:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/13 15:13:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/02 17:25:34 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
() (No name found) -- C:\USERS\THOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJLILJMK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\THOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJLILJMK.DEFAULT\EXTENSIONS\[email protected]
[2012/03/18 11:11:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 02:35:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:16:03 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/09/29 03:16:03 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/09/29 03:16:03 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2012/04/18 02:32:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (RuneScape Toolbar) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files\Runescape\prxtbRune.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SystemSecurityGuardAutoStart] C:\Program Files\System Security Guard\SystemSecurityGuardTray.exe (SystemSecurityGuard.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUpldnl-nl.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33EF78E5-0F95-4A7B-B8CF-ECF2593ADDC0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0af07fb0-7970-11e1-b5f8-00221534530d}\Shell - "" = AutoRun
O33 - MountPoints2\{0af07fb0-7970-11e1-b5f8-00221534530d}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 04:46:36 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/18 01:29:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/13 15:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/13 15:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/13 00:41:50 | 000,000,000 | ---D | C] -- C:\dd948e71af1aa86fab95b1d57304
[2012/04/12 22:45:11 | 000,000,000 | ---D | C] -- C:\Users\Thom\.Dharoks_v4
[2012/04/10 18:53:11 | 000,000,000 | ---D | C] -- C:\Users\Thom\Desktop\Cd
[2012/04/07 21:58:40 | 000,000,000 | ---D | C] -- C:\.soulsplit
[2012/04/06 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\SystemSecurityGuard
[2012/04/06 16:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Security Guard
[2012/04/06 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\System Security Guard
[2012/04/06 16:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemSecurityGuard
[2012/03/31 00:09:30 | 000,000,000 | ---D | C] -- C:\Users\Thom\Documents\Games for Windows - LIVE Demos
[2012/03/30 16:49:07 | 000,000,000 | ---D | C] -- C:\Users\Thom\Documents\WB Games
[2012/03/30 16:47:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2012/03/30 16:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/03/30 16:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2012/03/29 20:44:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/03/29 20:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/03/29 20:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/03/29 20:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/03/29 20:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/29 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\Thom\Documents\Battlefield 3
[2012/03/29 20:06:37 | 000,000,000 | ---D | C] -- C:\Users\Thom\Desktop\BF3
[2012/03/29 14:43:31 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Local\WB Games
[2012/03/29 14:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowblind Studios
[2012/03/29 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Snowblind Studios
[2012/03/29 13:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/03/29 13:32:54 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/03/29 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/03/29 13:32:19 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\DAEMON Tools Lite
[2012/03/29 13:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/03/27 18:15:42 | 000,000,000 | ---D | C] -- C:\Users\Thom\AppData\Roaming\wargaming.net
[2012/03/27 18:15:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/03/27 18:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012/03/27 18:15:23 | 000,000,000 | ---D | C] -- C:\Games
[2012/03/25 15:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/25 15:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 02:33:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 02:33:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 02:33:04 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 02:32:21 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 02:32:21 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 02:32:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/18 01:50:38 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/18 01:50:38 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/17 17:02:18 | 000,000,046 | ---- | M] () -- C:\Users\Thom\jagex_runescape_preferences.dat
[2012/04/17 16:54:45 | 000,000,129 | ---- | M] () -- C:\Users\Thom\jagex_runescape_preferences2.dat
[2012/04/16 21:40:39 | 000,000,032 | ---- | M] () -- C:\Users\Thom\jagex_cl_runescape_LIVE.dat
[2012/04/14 09:50:18 | 094,907,670 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/04/13 15:13:28 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/06 16:31:01 | 000,001,135 | ---- | M] () -- C:\Users\Thom\Application Data\Microsoft\Internet Explorer\Quick Launch\System Security Guard.lnk
[2012/04/06 16:31:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\System Security Guard.lnk
[2012/03/30 10:28:20 | 003,622,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/29 14:38:02 | 000,001,331 | ---- | M] () -- C:\Users\Public\Desktop\Lord of the Rings - War in the North.lnk
[2012/03/29 13:34:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/03/29 13:32:54 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/03/27 18:15:25 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012/03/20 19:08:39 | 000,000,044 | ---- | M] () -- C:\Users\Thom\jagex_cl_runescape_LIVE1.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/06 16:31:01 | 000,001,135 | ---- | C] () -- C:\Users\Thom\Application Data\Microsoft\Internet Explorer\Quick Launch\System Security Guard.lnk
[2012/04/06 16:31:01 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\System Security Guard.lnk
[2012/04/05 10:15:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 16:47:00 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/03/29 14:38:02 | 000,001,331 | ---- | C] () -- C:\Users\Public\Desktop\Lord of the Rings - War in the North.lnk
[2012/03/29 13:34:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/03/27 18:15:25 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2011/10/20 03:31:20 | 000,000,007 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBuddy Login.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/15 18:44:23 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 23:01:25 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/20 23:00:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/17 17:54:35 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/13 18:50:55 | 000,000,063 | ---- | C] () -- C:\ProgramData\anwblog2010.cfg
[2011/06/10 17:25:35 | 000,000,298 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBuddy_ipsych0.ini
[2011/05/18 16:46:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/05/16 17:31:51 | 000,000,590 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBuddy_th0mh.ini
[2010/12/28 18:23:19 | 000,000,020 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\ArbiAuth.ini
[2010/10/21 16:44:22 | 000,000,097 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBot_Accounts.ini
[2010/09/29 12:34:38 | 000,075,096 | ---- | C] () -- C:\Windows\System32\LADFCoinst_i386.dll
[2010/08/13 17:21:24 | 000,000,170 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\RSBot Accounts.ini
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/05/04 15:19:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/03 18:24:23 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/05/03 18:24:23 | 000,138,056 | ---- | C] () -- C:\Users\Thom\AppData\Roaming\PnkBstrK.sys
[2010/05/03 18:23:57 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/05/03 18:23:56 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/05/03 18:23:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/04/29 02:47:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/05/06 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\.maltego
[2012/04/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Azureus
[2011/05/05 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Belastingdienst
[2012/03/29 13:35:43 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\DAEMON Tools Lite
[2011/01/04 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Dropbox
[2011/06/11 00:13:31 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Easy Macro Recorder
[2012/02/14 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\EpicBot
[2011/11/17 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Leadertech
[2010/07/11 19:33:10 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\LimeWirePlus
[2011/06/18 23:44:32 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\LolClient
[2011/06/11 00:14:27 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Macro Recorder
[2011/08/02 12:51:03 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Mouse Recorder Pro
[2012/02/16 01:23:04 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Notepad++
[2012/03/29 20:31:30 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Origin
[2011/11/20 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Publish Providers
[2011/01/28 23:44:34 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Raptr
[2011/11/20 20:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Sony
[2012/04/11 17:58:09 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Spotify
[2012/04/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\SystemSecurityGuard
[2012/04/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\TS3Client
[2012/03/14 15:01:28 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\TuneUpMedia
[2011/03/02 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Uniblue
[2012/03/27 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\wargaming.net
[2011/02/21 20:11:59 | 000,000,000 | ---D | M] -- C:\Users\Thom\AppData\Roaming\Wireshark
[2012/02/03 13:35:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B81F1538DD}
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}

< End of report >

#22
Essexboy

Posted 18 April 2012 - 03:11 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you download UNHIDE.EXE from here please and then run

Once run let me know of any remaining problems

#23
th0mh

Posted 18 April 2012 - 03:19 AM

Member

Topic Starter
Member
32 posts

While running the program this error pops up: There is no disk in the drive. Please insert a disk into drive\device\harddisk1\DR1. Do i need to put in an empty disk ? or ksip al the errors

#24
Essexboy

Posted 18 April 2012 - 03:20 AM

GeekU Moderator

Retired Staff
69,964 posts

Skip the errors and I will check this out - could you ensure that there is no CD in the drive

#25
th0mh

Posted 18 April 2012 - 03:23 AM

Member

Topic Starter
Member
32 posts

Ive made sure there is no cd in the cd drive the program has run. But the icons are still invisible. And another thing is I cant acces some files in my documents folder like my music, My pictures and that kinda stuff.

#26
Essexboy

Posted 18 April 2012 - 06:24 AM

GeekU Moderator

Retired Staff
69,964 posts

OK we will now use an external programme to reset them

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image

On the start repairs tab select advanced mode and click start
Posted Image

Leave the preselected items ticked and tick restart system when finished
Posted Image

#27
th0mh

Posted 18 April 2012 - 07:21 AM

Member

Topic Starter
Member
32 posts

If run the program it went flawless. But still my desktop is empty for some reason. And still i cant access my documents and settings folder.

#28
Essexboy

Posted 18 April 2012 - 07:23 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you now retry Roguekiller please - especially the Hijack element.. In fact do that part first

#29
th0mh

Posted 18 April 2012 - 07:56 AM

Member

Topic Starter
Member
32 posts

Thank you so much! I dont know how i can thank you for putting all the time into this my desktop is back:D. Is there any possible way there could still be some type of trojan on my pc?

#30
th0mh

Posted 18 April 2012 - 08:00 AM

Member

Topic Starter
Member
32 posts

These are the reports that showed up on my desktop.

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Thom [Admin rights]
Mode: Scan -- Date: 04/18/2012 02:41:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 +++++
--- User ---
[MBR] 687f22ffe3b01f1326eb730ea1469f12
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 599943 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1228683330 | Size: 10534 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: -Pretec 04GB USB Device +++++
--- User ---
[MBR] 445974c8d1cbad2bd2574c2214f19e17
[BSP] 49188ffa2d2ae3fc22ad7ec52dd9c890 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3224498923 | Size: 211362 Mo
1 - [XXXXXX] FAT16 (0x16) [HIDDEN!] Offset (sectors): 3272020941 | Size: 953837 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 50200576 | Size: 451335 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

=====================================================================================
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Thom [Admin rights]
Mode: Remove -- Date: 04/18/2012 02:43:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 +++++
--- User ---
[MBR] 687f22ffe3b01f1326eb730ea1469f12
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 599943 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1228683330 | Size: 10534 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: -Pretec 04GB USB Device +++++
--- User ---
[MBR] 445974c8d1cbad2bd2574c2214f19e17
[BSP] 49188ffa2d2ae3fc22ad7ec52dd9c890 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3224498923 | Size: 211362 Mo
1 - [XXXXXX] FAT16 (0x16) [HIDDEN!] Offset (sectors): 3272020941 | Size: 953837 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 50200576 | Size: 451335 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

========================================================================================

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Thom [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/18/2012 02:45:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 17 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 210 / Fail 0
My documents: Success 39 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 83 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\CdRom1 -- 0x5 --> Skipped
[K:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

===========================================================================

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Thom [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/18/2012 02:47:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\CdRom1 -- 0x5 --> Skipped
[K:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt