
Crypted.Gen picked by Avira and spreading

Discussion in 'Virus & Other Malware Removal' started by ti-gris, Apr 26, 2010.

Thread Status:
Not open for further replies.
  1. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    Avira picked up: Crypted.gen (Virus or Trojan), and it's spreading. It can be seen in several files. It couldn't be repaired so it's in quarantine. Aside from this, the computer has not been as prime as it has been for the last two weeks. I'm attaching a HJT log for your kind attention. In O23 I notice 18 service entries and I suspect most of them are fake. I ran Avirus and Avast and nothing to report (I only use one);
    I ran SuperAntiMalware and Malwarebytes and nothing to report.
    Thanks in advance



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:21:55 PM, on 23/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msntask.exe
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/defaultf.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: LaunchU3.exe.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O13 - Gopher Prefix:
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10659 bytes
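
Added example, not part of the thread: HijackThis v2.0.2 is a 32-bit program, so on 64-bit Windows its reads of `C:\Windows\System32` are redirected to `SysWOW64`, and 64-bit-only system binaries show up as "(file missing)" in O23 lines. The sketch below parses O23 lines and separates that artifact from entries that need a closer look; the category names and the 64-bit heuristic are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Sample input: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Platform: Windows Vista SP2 (WinNT 6.00.1906)
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
MISSING_TAG = "(file missing)"
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
# Assumption: these directories only exist on 64-bit Windows, so seeing them
# anywhere in the log means the 32-bit scanner ran under WOW64.
WOW64_HINT = re.compile(r"\\(?:program files \(x86\)|syswow64)\\", re.I)


@dataclass
class Service:
    name: str      # short service name, e.g. "ALG"
    owner: str     # company name HijackThis read from the file, or "Unknown owner"
    path: str      # image path with the "(file missing)" tag stripped
    missing: bool  # True when HijackThis could not open the file


def looks_64bit(log_text):
    """Heuristic: does the log reference WOW64-only directories?"""
    return WOW64_HINT.search(log_text) is not None


def parse_o23(line):
    """Parse one O23 line into a Service, or return None for other lines."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    # Split from the right: display names may contain " - ", paths do not.
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING_TAG)
    if missing:
        path = path[: -len(MISSING_TAG)].rstrip()
    short = re.search(r"\(([^()]+)\)$", display)
    name = short.group(1) if short else display
    return Service(name, owner, path, missing)


def classify(svc, host_is_64bit):
    """Label an entry; the labels are hypothetical names for this example."""
    if svc.missing:
        if host_is_64bit and SYSTEM32.match(svc.path):
            # File likely exists in the real 64-bit System32; confirm with a
            # 64-bit-aware tool before treating the service as broken or fake.
            return "wow64-redirect"
        return "missing-review"
    if svc.owner.lower() == "unknown owner":
        return "unknown-owner-review"
    return "ok"


def triage(log_text):
    """Map each service's short name to its label for a whole log."""
    host64 = looks_64bit(log_text)
    labels = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is not None:
            labels[svc.name] = classify(svc, host64)
    return labels


if __name__ == "__main__":
    for name, label in triage(SAMPLE_LOG).items():
        print(f"{name:16} {label}")
```

A "wow64-redirect" label is a hint, not a verdict: the file still has to be checked from a 64-bit tool.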
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  3. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    dvk01, thank you for the quick response, here is the log requested: :p

    OTS logfile created on: 05/05/2010 1:23:14 PM - Run 1
    OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\Tigris\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 684.47 Gb Total Space | 554.84 Gb Free Space | 81.06% Space Free | Partition Type: NTFS
    Drive D: | 14.16 Gb Total Space | 2.00 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TIGRIS-PC
    Current User Name: Tigris
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    ots.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:19:00 | 000,640,000 | ---- | M] (OldTimer Tools)
    avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2010/04/19 09:35:26 | 000,267,432 | ---- | M] (Avira GmbH)
    avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010/04/14 12:47:08 | 002,790,472 | ---- | M] (ALWIL Software)
    avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
    teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH)
    avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH)
    sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH)
    flashutil10e.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe -> [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.)
    java.exe -> C:\Windows\SysWOW64\java.exe -> [2009/12/17 18:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
    winpatrol.exe -> C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -> [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios)
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
    nmsrvc.exe -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
    nmctxth.exe -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
    hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
    linksysupdater.exe -> C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/11/13 15:43:49 | 000,204,800 | ---- | M] ()
    launchu3.exe -> C:\ProgramData\U3\U3Launcher\LaunchU3.exe -> [2005/12/20 16:40:40 | 000,921,600 | ---- | M] ()

    [Modules - Safe List]
    ots.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:19:00 | 000,640,000 | ---- | M] (OldTimer Tools)
    comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation)
    msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation)

    [Win32 Services - Safe List]
    64bit-(avast! Web Scanner) [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
    64bit-(avast! Mail Scanner) [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
    64bit-(avast! Antivirus) [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
    64bit-(FontCache) [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation)
    64bit-(MSCamSvc) [Auto | Running] -> C:\Program Files\Microsoft LifeCam\MSCamS64.exe -> [2009/07/24 15:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation)
    64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation)
    (AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2010/04/19 09:35:26 | 000,267,432 | ---- | M] (Avira GmbH)
    (GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2010/03/23 21:35:20 | 000,246,520 | ---- | M] (WildTangent, Inc.)
    (TeamViewer5) TeamViewer 5 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH)
    (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH)
    (SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation)
    (nmservice) Pure Networks Platform Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
    (LinksysUpdater) Linksys Updater [Auto | Running] -> C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/11/13 15:43:49 | 000,204,800 | ---- | M] ()
    (MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
    (vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M] ()
    (VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 02:35:15 | 000,055,846 | ---- | M] ()

    [Driver Services - Safe List]
    64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2010/04/14 12:35:51 | 000,051,280 | ---- | M] (ALWIL Software)
    64bit-(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2010/04/14 12:35:31 | 000,121,936 | ---- | M] (ALWIL Software)
    64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2010/04/14 12:31:42 | 000,028,752 | ---- | M] (ALWIL Software)
    64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/04/14 12:31:27 | 000,063,568 | ---- | M] (ALWIL Software)
    64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2010/04/14 12:31:03 | 000,022,096 | ---- | M] (ALWIL Software)
    64bit-(avipbb) avipbb [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\avipbb.sys -> [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH)
    64bit-(avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\avgntflt.sys -> [2010/02/16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH)
    64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaudio.sys -> [2009/04/11 01:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation)
    64bit-(PCDSRVC{F36B3A4C-F95654BD-06000000}_0) PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver [Kernel | On_Demand | Stopped] -> c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -> [2009/02/02 14:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.)
    64bit-(purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\purendis.sys -> [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.)
    64bit-(pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\pnarp.sys -> [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.)
    64bit-(rcmirror) rcmirror [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\rcmirror.sys -> [2008/10/09 10:17:06 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
    64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\athrx.sys -> [2008/09/18 13:39:50 | 001,168,384 | ---- | M] (Atheros Communications, Inc.)
    64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 22:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation)
    64bit-(SSPORT) SSPORT [Kernel | Auto | Running] -> C:\Windows\SysNative\Drivers\SSPORT.sys -> [2007/11/09 04:14:06 | 000,011,576 | ---- | M] (Samsung Electronics)
    64bit-(DgiVecp) DgiVecp [Kernel | Auto | Stopped] -> C:\Windows\SysNative\Drivers\DgiVecp.sys -> [2007/11/09 04:14:03 | 000,054,072 | ---- | M] (Samsung Electronics)
    (Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M] ()
    (mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 000,001,088 | ---- | M] ()

    [Registry - Safe List]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt ->
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> ->
    HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: Main\\"Start Page" -> http://www.sympatico.ca/ ->
    HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: Main\\"Start Page Redirect Cache" -> http://ca.msn.com/?lang=en-ca&OCID=FW69157 ->
    HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-ca ->
    HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: "ProxyEnable" -> 0 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions -> ->
    < FireFox Extensions [User Folders] > ->
    < HOSTS File > ([2010/03/17 13:14:38 | 000,380,731 | R--- | M] - 13161 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
    First 25 entries...
    Reset Hosts
    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
    {d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2009/01/22 13:36:54 | 000,082,768 | ---- | M] (Microsoft Corp.)
    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2009/01/22 13:36:54 | 000,082,768 | ---- | M] (Microsoft Corp.)
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "HP Remote Software" -> C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe] -> [2009/02/06 16:11:34 | 000,172,032 | ---- | M] ()
    "NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009/10/30 15:19:00 | 016,335,976 | ---- | M] (NVIDIA Corporation)
    "NVRaidService" -> C:\Windows\SysNative\nvraidservice.exe [C:\Windows\system32\nvraidservice.exe] -> [2008/08/18 22:01:52 | 000,333,344 | ---- | M] (NVIDIA Corporation)
    "SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe] -> [2009/03/05 21:28:58 | 000,915,512 | ---- | M] (Hewlett-Packard)
    "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 22:47:32 | 001,584,184 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "" -> [] -> File not found
    "avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH)
    "HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/12/04 11:14:48 | 000,075,016 | ---- | M] (Hewlett-Packard)
    "hpsysdrv" -> c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
    "LifeCam" -> C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe ["C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"] -> [2009/07/24 15:04:54 | 000,118,624 | ---- | M] (Microsoft Corporation)
    "Microsoft Default Manager" -> c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ["c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume] -> [2009/02/06 19:03:24 | 000,224,616 | ---- | M] (Microsoft Corp.)
    "nmctxth" -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe ["C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"] -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
    "WinPatrol" -> C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe ["C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot] -> [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios)
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoActiveDesktop" -> [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6775 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab [DLM Control] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
    {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
    Garmin Communicator Plug-In [HKLM] -> https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB [Reg Error: Key error.] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 192.168.2.1 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {C4046FFA-F295-4F6C-A778-51E85819CCD9}\\DhcpNameServer -> 192.168.2.1 (NVIDIA nForce 10/100 Mbps Ethernet ) ->
    {F06E95AE-873D-4A14-B963-ADB09E044612}\\DhcpNameServer -> 192.168.2.1 (Atheros 802.11 a/b/g/n Dualband Wireless Network Module) ->
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "MaxScriptStatements" -> Reg Error: Invalid data type.
    "Use My Stylesheet" -> Reg Error: Invalid data type.
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
    < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {38EF6783-16E1-45DF-8905-C363BB1F8BFD} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=network discovery (ssdp-in) | app=c:\windows\system32\svchost.exe | svc=ssdpsrv |
    {39E12544-4DDB-4330-9D5B-AA501CF2CE7D} -> lport=67 | profile=private | protocol=17 | dir=in | action=allow | name=dhcp discovery service |
    {3BC150BC-912D-4DF3-9187-D50EFC517269} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
    {6DDA1042-93E4-447D-986F-F1AAF7098009} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
    {B04C0B4D-1B0A-4D57-871F-5AA06AF9B9FE} -> lport=67 | profile=public | protocol=17 | dir=in | action=allow | name=dhcp discovery service |
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {10656355-FE3D-4557-B674-9BCCE9ACCBD1} -> profile=private | protocol=17 | dir=in | action=allow | name=lifetray.exe | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    {125BA303-360C-4F57-8D86-0316BB849144} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    {1BFE71D1-EEB5-42F6-9D86-504C4AEE8B95} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    {2E22C464-0D75-4401-9BC1-DA14873C64C6} -> profile=private | protocol=6 | dir=in | action=allow | name=lifeexp.exe | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    {401C2B39-34BD-4A79-A676-F69109EC6D71} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    {42552CF4-0438-4EAB-88EC-B9F477584182} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    {53A833A0-CB46-4028-8A09-07594611CBEE} -> profile=public | protocol=6 | dir=in | action=allow | name=pure networks platform service | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    {56715760-D6D0-46C7-983E-705D512EABF0} -> profile=private | protocol=6 | dir=in | action=allow | name=lifeenc2.exe | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    {573F5E72-2FA8-4CF8-8268-43C7A88AFC90} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    {5F18FC26-83F3-4D46-AB34-3351A2E4B8FA} -> profile=public | protocol=17 | dir=in | action=allow | name=pure networks platform service | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    {6A7CA983-CAE7-48FA-A77E-F36B715B2447} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
    {799E09D8-06E0-41AD-8E41-22818276C809} -> profile=private | protocol=6 | dir=in | action=allow | name=lifecam.exe | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    {7EB12594-C3D3-4300-8503-59C80264C40B} -> profile=private | protocol=17 | dir=in | action=allow | name=lifecam.exe | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    {846798C5-FD4B-49DB-9147-7D2AD29813E9} -> profile=private | protocol=17 | dir=in | action=allow | name=lifeexp.exe | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    {9316A686-F346-464A-A920-1C6362663FD7} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    {9523B479-9C57-4C04-AD35-1A4F9B4C4ECF} -> profile=private | protocol=17 | dir=in | action=allow | name=lifeenc2.exe | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    {96DFF320-9AC1-46B3-A971-4603A575D4FB} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    {9F62DD46-04F5-4344-9A91-B4B40582243D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    {A29AF67E-055C-4BC6-8302-EA8E0906EAE3} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    {A3AD3F0C-D0F5-4FB7-9383-3DAA12AD55E2} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    {A55F8018-64B5-4F30-AD93-3810ABD1BE4E} -> profile=private | protocol=6 | dir=in | action=allow | name=lifetray.exe | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    {AC0783F1-A7EE-4533-BDF9-2076495E0619} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    {BB974DDC-2381-4DCC-B441-E91280EB164A} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    {C78C8187-EF42-4F6B-9F16-6947E4F8F09A} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    {DDC844CE-2666-4DAA-9286-D8C7D932850E} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    {DE9D195A-D8CB-4689-BB48-D9977EF7EF82} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    {F9CC31E5-782D-470D-8D7E-D1A03BE1BF58} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    TCP Query User{00DC0845-DA13-41E3-89B1-1E8316DA063F}C:\program files (x86)\microsoft games\age of empires\empires.exe -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
    TCP Query User{0C5E105F-C912-43DA-ACA3-E35804122BA0}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
    TCP Query User{44CF4DC6-923E-49CA-A818-D90AE5F11FEF}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
    UDP Query User{0D7B6D5E-CF99-41B2-B24D-55CF47416BBC}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
    UDP Query User{36DD068B-84FA-45E1-98DB-872635C2139E}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
    UDP Query User{9E2A5A2F-0C56-4BBC-80F2-5B65964A096E}C:\program files (x86)\microsoft games\age of empires\empires.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 01:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation)
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \J
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\shell
    \J\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\shell\AutoRun\command
    \J\shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe] -> File not found
    \{119443a1-84e5-11de-acbb-0026181a0eee}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{119443a1-84e5-11de-acbb-0026181a0eee}\shell
    \{119443a1-84e5-11de-acbb-0026181a0eee}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{119443a1-84e5-11de-acbb-0026181a0eee}\shell\AutoRun\command
    \{119443a1-84e5-11de-acbb-0026181a0eee}\shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe] -> File not found
    \{3ebff672-840a-11de-95c2-0026181a0eee}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ebff672-840a-11de-95c2-0026181a0eee}\shell
    \{3ebff672-840a-11de-95c2-0026181a0eee}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ebff672-840a-11de-95c2-0026181a0eee}\shell\AutoRun\command
    \{3ebff672-840a-11de-95c2-0026181a0eee}\shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    64bit-comfile [open] -> "%1" %* -> File not found
    64bit-exefile [open] -> "%1" %* -> File not found
    comfile [open] -> "%1" %* ->
    exefile [open] -> "%1" %* ->
    < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
    .com [@ = comfile] -> "%1" %* ->
    .exe [@ = exefile] -> "%1" %* ->
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
    .com [@ = comfile] -> "%1" %* ->
    .exe [@ = exefile] -> "%1" %* ->


    [Files/Folders - Created Within 30 Days]
    OTS.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:18:55 | 000,640,000 | ---- | C] (OldTimer Tools)
    Adobe -> C:\Users\Tigris\AppData\Local\Adobe -> [2010/05/04 14:43:20 | 000,000,000 | ---D | C]
    Skype -> C:\Program Files (x86)\Common Files\Skype -> [2010/05/03 16:21:42 | 000,000,000 | ---D | C]
    Skype -> C:\Program Files (x86)\Skype -> [2010/05/03 16:21:37 | 000,000,000 | R--D | C]
    CCleaner -> C:\Program Files (x86)\CCleaner -> [2010/04/29 18:09:19 | 000,000,000 | ---D | C]
    SUPERAntiSpyware.com -> C:\Users\Tigris\AppData\Roaming\SUPERAntiSpyware.com -> [2010/04/27 13:58:14 | 000,000,000 | ---D | C]
    SUPERAntiSpyware -> C:\Program Files (x86)\SUPERAntiSpyware -> [2010/04/27 13:58:14 | 000,000,000 | ---D | C]
    Simon Impot2009 -> C:\Users\Tigris\Desktop\Documents\Simon Impot2009 -> [2010/04/25 19:27:22 | 000,000,000 | ---D | C]
    HP -> C:\Program Files (x86)\HP -> [2010/04/21 08:56:45 | 000,000,000 | ---D | C]
    HpUpdate -> C:\Users\Tigris\AppData\Roaming\HpUpdate -> [2010/04/21 08:56:07 | 000,000,000 | ---D | C]
    Hewlett-Packard -> C:\Windows\Hewlett-Packard -> [2010/04/21 08:56:05 | 000,000,000 | ---D | C]
    aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2010/04/15 21:07:21 | 000,022,096 | ---- | C] (ALWIL Software)
    aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2010/04/15 21:07:20 | 000,121,936 | ---- | C] (ALWIL Software)
    aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2010/04/15 21:07:20 | 000,028,752 | ---- | C] (ALWIL Software)
    aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/04/15 21:07:19 | 000,063,568 | ---- | C] (ALWIL Software)
    aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2010/04/15 21:07:19 | 000,051,280 | ---- | C] (ALWIL Software)
    aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2010/04/15 21:07:05 | 000,153,184 | ---- | C] (ALWIL Software)
    avastSS.scr -> C:\Windows\SysWow64\avastSS.scr -> [2010/04/15 21:07:05 | 000,038,848 | ---- | C] (ALWIL Software)
    Avira -> C:\Users\Tigris\AppData\Roaming\Avira -> [2010/04/15 19:29:45 | 000,000,000 | ---D | C]
    avipbb.sys -> C:\Windows\SysNative\drivers\avipbb.sys -> [2010/04/15 19:21:32 | 000,116,568 | ---- | C] (Avira GmbH)
    avgntflt.sys -> C:\Windows\SysNative\drivers\avgntflt.sys -> [2010/04/15 19:21:32 | 000,081,072 | ---- | C] (Avira GmbH)
    avgntdd.sys -> C:\Windows\SysWow64\drivers\avgntdd.sys -> [2010/04/15 19:21:32 | 000,051,992 | ---- | C] (AVIRA GmbH)
    avgntmgr.sys -> C:\Windows\SysWow64\drivers\avgntmgr.sys -> [2010/04/15 19:21:32 | 000,017,016 | ---- | C] (AVIRA GmbH)
    Avira -> C:\ProgramData\Avira -> [2010/04/15 19:21:31 | 000,000,000 | ---D | C]
    Avira -> C:\Program Files (x86)\Avira -> [2010/04/15 19:21:31 | 000,000,000 | ---D | C]
    wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/14 08:41:48 | 000,218,624 | ---- | C] (Microsoft Corporation)
    wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/14 08:41:48 | 000,172,032 | ---- | C] (Microsoft Corporation)
    ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/14 08:41:46 | 004,697,992 | ---- | C] (Microsoft Corporation)
    vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/14 08:41:42 | 000,612,864 | ---- | C] (Microsoft Corporation)
    vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/14 08:41:42 | 000,420,352 | ---- | C] (Microsoft Corporation)
    l3codecp.acm -> C:\Windows\SysWow64\l3codecp.acm -> [2010/04/14 08:41:41 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
    l3codecp.acm -> C:\Windows\SysNative\l3codecp.acm -> [2010/04/14 08:41:41 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
    l3codeca.acm -> C:\Windows\SysNative\l3codeca.acm -> [2010/04/14 08:41:41 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
    l3codeca.acm -> C:\Windows\SysWow64\l3codeca.acm -> [2010/04/14 08:41:41 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
    cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/14 08:41:40 | 000,104,960 | ---- | C] (Microsoft Corporation)
    cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/14 08:41:40 | 000,098,304 | ---- | C] (Microsoft Corporation)
    5 C:\Users\Tigris\Desktop\Documents\*.tmp files -> C:\Users\Tigris\Desktop\Documents\*.tmp ->
    1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

    [Files/Folders - Modified Within 30 Days]
    ntuser.dat -> C:\Users\Tigris\ntuser.dat -> [2010/05/05 13:22:29 | 006,029,312 | -HS- | M] ()
    OTS.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:19:00 | 000,640,000 | ---- | M] (OldTimer Tools)
    Crypted.Gen Picked by Avia and spreading.mht -> C:\Users\Tigris\Desktop\Crypted.Gen Picked by Avia and spreading.mht -> [2010/05/05 13:15:30 | 000,338,190 | ---- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:27:08 | 000,003,616 | -H-- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:27:08 | 000,003,616 | -H-- | M] ()
    PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/05/05 09:32:57 | 000,690,960 | ---- | M] ()
    perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/05/05 09:32:57 | 000,599,942 | ---- | M] ()
    perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/05/05 09:32:57 | 000,105,448 | ---- | M] ()
    nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/05/05 09:27:17 | 000,048,318 | ---- | M] ()
    nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/05/05 09:27:16 | 000,048,318 | ---- | M] ()
    LaunchU3.exe.lnk -> C:\Users\Tigris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk -> [2010/05/05 09:27:15 | 000,002,435 | ---- | M] ()
    SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/05 09:27:15 | 000,000,006 | -H-- | M] ()
    bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/05 09:27:06 | 000,067,584 | --S- | M] ()
    ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Tigris\ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/04 20:00:06 | 000,524,288 | -HS- | M] ()
    ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TM.blf -> C:\Users\Tigris\ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TM.blf -> [2010/05/04 20:00:06 | 000,065,536 | -HS- | M] ()
    IconCache.db -> C:\Users\Tigris\AppData\Local\IconCache.db -> [2010/05/04 13:37:55 | 002,661,918 | -H-- | M] ()
    Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2010/05/03 16:21:42 | 000,001,890 | ---- | M] ()
    ResourceServlet.pdf -> C:\Users\Tigris\Desktop\ResourceServlet.pdf -> [2010/05/02 09:30:14 | 000,043,229 | ---- | M] ()
    cheque.rtf -> C:\Users\Tigris\Desktop\Documents\cheque.rtf -> [2010/05/01 09:47:39 | 000,000,761 | ---- | M] ()
    e-pass Fed Paul.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Fed Paul.rtf -> [2010/04/30 20:04:54 | 000,001,959 | ---- | M] ()
    e-pass Monique.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Monique.rtf -> [2010/04/30 19:41:42 | 000,000,478 | ---- | M] ()
    ARC-e-pass.rtf -> C:\Users\Tigris\Desktop\Documents\ARC-e-pass.rtf -> [2010/04/30 16:16:11 | 000,001,522 | ---- | M] ()
    CCleaner.lnk -> C:\Users\Tigris\Desktop\CCleaner.lnk -> [2010/04/30 13:11:48 | 000,001,726 | ---- | M] ()
    FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/29 12:53:18 | 000,299,952 | ---- | M] ()
    Document220.rtf -> C:\Users\Tigris\Desktop\Documents\Document220.rtf -> [2010/04/25 20:11:58 | 000,003,971 | ---- | M] ()
    HJT21.rtf -> C:\Users\Tigris\Desktop\Documents\HJT21.rtf -> [2010/04/25 17:54:53 | 000,003,743 | ---- | M] ()
    Internet Explorer.lnk -> C:\Users\Tigris\Desktop\Internet Explorer.lnk -> [2010/04/25 12:10:10 | 000,000,981 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Tigris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/23 13:37:19 | 000,015,872 | ---- | M] ()
    Samsung Toner.rtf -> C:\Users\Tigris\Desktop\Documents\Samsung Toner.rtf -> [2010/04/23 13:19:34 | 000,000,430 | ---- | M] ()
    annexe s.eml -> C:\Users\Tigris\Desktop\Documents\annexe s.eml -> [2010/04/22 19:25:56 | 000,110,258 | ---- | M] ()
    annexe s - quebec.eml -> C:\Users\Tigris\Desktop\Documents\annexe s - quebec.eml -> [2010/04/22 19:22:58 | 000,110,284 | ---- | M] ()
    redressement t1.eml -> C:\Users\Tigris\Desktop\Documents\redressement t1.eml -> [2010/04/22 19:19:29 | 000,076,389 | ---- | M] ()
    t1-adj-08f.pdf -> C:\Users\Tigris\Desktop\Documents\t1-adj-08f.pdf -> [2010/04/22 19:16:11 | 000,053,181 | ---- | M] ()
    marie-france&michel.qbk -> C:\Users\Tigris\Desktop\marie-france&michel.qbk -> [2010/04/20 14:27:36 | 000,087,056 | ---- | M] ()
    config.nt -> C:\Windows\SysWow64\config.nt -> [2010/04/15 21:10:20 | 000,000,000 | ---- | M] ()
    avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2010/04/15 21:07:21 | 000,001,798 | ---- | M] ()
    setup_av_free.exe -> C:\Users\Tigris\Desktop\setup_av_free.exe -> [2010/04/15 21:05:13 | 045,942,928 | ---- | M] ()
    Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/04/15 19:21:36 | 000,001,903 | ---- | M] ()
    avira_antivir_personal_en.exe -> C:\Users\Tigris\Desktop\avira_antivir_personal_en.exe -> [2010/04/15 19:11:46 | 042,281,152 | ---- | M] ()
    avastSS.scr -> C:\Windows\SysWow64\avastSS.scr -> [2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software)
    aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software)
    aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2010/04/14 12:35:51 | 000,051,280 | ---- | M] (ALWIL Software)
    aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2010/04/14 12:35:31 | 000,121,936 | ---- | M] (ALWIL Software)
    aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2010/04/14 12:31:42 | 000,028,752 | ---- | M] (ALWIL Software)
    aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/04/14 12:31:27 | 000,063,568 | ---- | M] (ALWIL Software)
    aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2010/04/14 12:31:03 | 000,022,096 | ---- | M] (ALWIL Software)
    marie-france&michel.q09 - Shortcut.lnk -> C:\Users\Tigris\Desktop\Documents\marie-france&michel.q09 - Shortcut.lnk -> [2010/04/13 13:13:58 | 000,000,326 | ---- | M] ()
    TeamViewer 5.lnk -> C:\Users\Public\Desktop\TeamViewer 5.lnk -> [2010/04/06 15:36:19 | 000,000,999 | ---- | M] ()
    TeamViewer_Setup.exe -> C:\Users\Tigris\Desktop\TeamViewer_Setup.exe -> [2010/04/06 15:30:52 | 002,822,656 | ---- | M] ()
    Google.url -> C:\Users\Tigris\Desktop\Google.url -> [2010/04/06 12:03:13 | 000,000,208 | ---- | M] ()
    5 C:\Users\Tigris\Desktop\Documents\*.tmp files -> C:\Users\Tigris\Desktop\Documents\*.tmp ->
    1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

    [Files - No Company Name]
    Crypted.Gen Picked by Avia and spreading.mht -> C:\Users\Tigris\Desktop\Crypted.Gen Picked by Avia and spreading.mht -> [2010/05/05 13:15:27 | 000,338,190 | ---- | C] ()
    Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2010/05/03 16:21:42 | 000,001,890 | ---- | C] ()
    ResourceServlet.pdf -> C:\Users\Tigris\Desktop\ResourceServlet.pdf -> [2010/05/02 09:30:13 | 000,043,229 | ---- | C] ()
    e-pass Fed Paul.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Fed Paul.rtf -> [2010/04/30 19:57:03 | 000,001,959 | ---- | C] ()
    e-pass Monique.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Monique.rtf -> [2010/04/30 19:41:42 | 000,000,478 | ---- | C] ()
    CCleaner.lnk -> C:\Users\Tigris\Desktop\CCleaner.lnk -> [2010/04/29 18:09:22 | 000,001,726 | ---- | C] ()
    ARC-e-pass.rtf -> C:\Users\Tigris\Desktop\Documents\ARC-e-pass.rtf -> [2010/04/29 14:17:44 | 000,001,522 | ---- | C] ()
    IconCache.db -> C:\Users\Tigris\AppData\Local\IconCache.db -> [2010/04/27 19:55:13 | 002,661,918 | -H-- | C] ()
    Document220.rtf -> C:\Users\Tigris\Desktop\Documents\Document220.rtf -> [2010/04/25 20:11:58 | 000,003,971 | ---- | C] ()
    hijackthis22.log -> C:\Users\Tigris\hijackthis22.log -> [2010/04/25 20:11:00 | 000,010,699 | ---- | C] ()
    HJT21.rtf -> C:\Users\Tigris\Desktop\Documents\HJT21.rtf -> [2010/04/25 17:54:27 | 000,003,743 | ---- | C] ()
    Internet Explorer.lnk -> C:\Users\Tigris\Desktop\Internet Explorer.lnk -> [2010/04/25 12:10:10 | 000,000,981 | ---- | C] ()
    Samsung Toner.rtf -> C:\Users\Tigris\Desktop\Documents\Samsung Toner.rtf -> [2010/04/23 13:17:31 | 000,000,430 | ---- | C] ()
    annexe s.eml -> C:\Users\Tigris\Desktop\Documents\annexe s.eml -> [2010/04/22 19:25:55 | 000,110,258 | ---- | C] ()
    annexe s - quebec.eml -> C:\Users\Tigris\Desktop\Documents\annexe s - quebec.eml -> [2010/04/22 19:22:57 | 000,110,284 | ---- | C] ()
    redressement t1.eml -> C:\Users\Tigris\Desktop\Documents\redressement t1.eml -> [2010/04/22 19:19:28 | 000,076,389 | ---- | C] ()
    t1-adj-08f.pdf -> C:\Users\Tigris\Desktop\Documents\t1-adj-08f.pdf -> [2010/04/22 19:16:11 | 000,053,181 | ---- | C] ()
    cheque.rtf -> C:\Users\Tigris\Desktop\Documents\cheque.rtf -> [2010/04/22 16:52:51 | 000,000,761 | ---- | C] ()
    avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2010/04/15 21:07:21 | 000,001,798 | ---- | C] ()
    dd_vcredistMSI5279.txt -> C:\Users\Tigris\AppData\Local\dd_vcredistMSI5279.txt -> [2010/04/15 21:07:11 | 000,376,122 | ---- | C] ()
    dd_vcredistUI5279.txt -> C:\Users\Tigris\AppData\Local\dd_vcredistUI5279.txt -> [2010/04/15 21:07:10 | 000,011,442 | ---- | C] ()
    setup_av_free.exe -> C:\Users\Tigris\Desktop\setup_av_free.exe -> [2010/04/15 21:05:11 | 045,942,928 | ---- | C] ()
    Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/04/15 19:21:36 | 000,001,903 | ---- | C] ()
    avira_antivir_personal_en.exe -> C:\Users\Tigris\Desktop\avira_antivir_personal_en.exe -> [2010/04/15 19:11:46 | 042,281,152 | ---- | C] ()
    Simon Impot 2009.pdf -> C:\Users\Tigris\Desktop\Simon Impot 2009.pdf -> [2010/04/13 16:46:17 | 000,253,706 | ---- | C] ()
    marie-france&michel.qbk -> C:\Users\Tigris\Desktop\marie-france&michel.qbk -> [2010/04/13 13:36:15 | 000,087,056 | ---- | C] ()
    marie-france&michel.q09 - Shortcut.lnk -> C:\Users\Tigris\Desktop\Documents\marie-france&michel.q09 - Shortcut.lnk -> [2010/04/13 13:13:58 | 000,000,326 | ---- | C] ()
    TeamViewer 5.lnk -> C:\Users\Public\Desktop\TeamViewer 5.lnk -> [2010/04/06 15:36:19 | 000,000,999 | ---- | C] ()
    TeamViewer_Setup.exe -> C:\Users\Tigris\Desktop\TeamViewer_Setup.exe -> [2010/04/06 15:30:38 | 002,822,656 | ---- | C] ()
    EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/09/11 10:15:17 | 000,117,248 | ---- | C] ()
    msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/09/11 10:14:26 | 000,368,640 | ---- | C] ()
    pythoncom26.dll -> C:\Windows\SysWow64\pythoncom26.dll -> [2009/05/20 15:18:30 | 000,354,816 | ---- | C] ()
    pywintypes26.dll -> C:\Windows\SysWow64\pywintypes26.dll -> [2009/05/20 15:18:30 | 000,108,032 | ---- | C] ()
    tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 22:50:05 | 000,060,124 | ---- | C] ()
    ineyuni.dll -> C:\Windows\SysWow64\ineyuni.dll -> [2008/01/20 22:49:18 | 000,026,626 | ---- | C] ()
    HPBroker.dll -> C:\Windows\HPBroker.dll -> [2008/01/14 17:47:06 | 000,099,712 | ---- | C] ()
    GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 11:07:25 | 000,037,665 | ---- | C] ()
    GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,029,779 | ---- | C] ()
    GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,026,489 | ---- | C] ()
    GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 11:07:25 | 000,026,040 | ---- | C] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 733 bytes -> C:\Users\Tigris\Desktop\Documents\annexe s.eml:OECustomProperty
    @Alternate Data Stream - 769 bytes -> C:\Users\Tigris\Desktop\Documents\redressement t1.eml:OECustomProperty
    @Alternate Data Stream - 781 bytes -> C:\Users\Tigris\Desktop\Documents\annexe s - quebec.eml:OECustomProperty
    < End of report >
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    nothing wrong there

    what files does avira find as infected
     
  5. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    dvk01
    Sorry, that was 13 days ago, they were put in the chest and now they are gone!! Scanned with Avast and nothing is there anymore. Had jotted down on a piece of paper but can't find it. Let's say it's clean, and I remember two of them were temp files so I cleaned it two days after my original post. Any idea about all those 023 files with "file missing" entries? Thank you for your time.
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    the missing files aren't missing and are all needed legitimate services on W7
    it is a bug in HJT that it can't read services etc on a 64 bit computer
     
  7. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    dvk01
    Thank you for your reply. I'll mark "Solved". By the way I'm using Vista but it's 64. So these files are legit. (y)
     
Short URL to this thread: https://techguy.org/919401
