Crypted.Gen picked by Avira and spreading


ti-gris (Thread Starter)
Avira picked up Crypted.gen (Virus or Trojan), and it's spreading. It can be seen in several files. It couldn't be repaired, so it's in quarantine. Aside from this, the computer has not been as prime as it has been for the last two weeks. I'm attaching a HJT log for your kind attention. In O23 I notice 18 service entries and I suspect most of them are fake. I ran Avira and Avast and nothing to report (I only use one);
I ran SuperAntiMalware and Malwarebytes and nothing to report.
Thanks in advance



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:55 PM, on 23/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msntask.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10659 bytes
 

dvk01 (Derek), Retired Moderator, Retired Malware Specialist
Download OTScanIt.exe to your Desktop
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
 

ti-gris (Thread Starter)
dvk01, thank you for your quick response, here is the log requested: :p

OTS logfile created on: 05/05/2010 1:23:14 PM - Run 1
OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\Tigris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.47 Gb Total Space | 554.84 Gb Free Space | 81.06% Space Free | Partition Type: NTFS
Drive D: | 14.16 Gb Total Space | 2.00 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIGRIS-PC
Current User Name: Tigris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:19:00 | 000,640,000 | ---- | M] (OldTimer Tools)
avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2010/04/19 09:35:26 | 000,267,432 | ---- | M] (Avira GmbH)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010/04/14 12:47:08 | 002,790,472 | ---- | M] (ALWIL Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH)
avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH)
flashutil10e.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe -> [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.)
java.exe -> C:\Windows\SysWOW64\java.exe -> [2009/12/17 18:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
winpatrol.exe -> C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -> [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
nmsrvc.exe -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
nmctxth.exe -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
linksysupdater.exe -> C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/11/13 15:43:49 | 000,204,800 | ---- | M] ()
launchu3.exe -> C:\ProgramData\U3\U3Launcher\LaunchU3.exe -> [2005/12/20 16:40:40 | 000,921,600 | ---- | M] ()

[Modules - Safe List]
ots.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:19:00 | 000,640,000 | ---- | M] (OldTimer Tools)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(avast! Web Scanner) [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
64bit-(avast! Mail Scanner) [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
64bit-(avast! Antivirus) [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software)
64bit-(FontCache) [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation)
64bit-(MSCamSvc) [Auto | Running] -> C:\Program Files\Microsoft LifeCam\MSCamS64.exe -> [2009/07/24 15:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2010/04/19 09:35:26 | 000,267,432 | ---- | M] (Avira GmbH)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2010/03/23 21:35:20 | 000,246,520 | ---- | M] (WildTangent, Inc.)
(TeamViewer5) TeamViewer 5 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation)
(nmservice) Pure Networks Platform Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
(LinksysUpdater) Linksys Updater [Auto | Running] -> C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/11/13 15:43:49 | 000,204,800 | ---- | M] ()
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 02:35:15 | 000,055,846 | ---- | M] ()

[Driver Services - Safe List]
64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2010/04/14 12:35:51 | 000,051,280 | ---- | M] (ALWIL Software)
64bit-(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2010/04/14 12:35:31 | 000,121,936 | ---- | M] (ALWIL Software)
64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2010/04/14 12:31:42 | 000,028,752 | ---- | M] (ALWIL Software)
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/04/14 12:31:27 | 000,063,568 | ---- | M] (ALWIL Software)
64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2010/04/14 12:31:03 | 000,022,096 | ---- | M] (ALWIL Software)
64bit-(avipbb) avipbb [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\avipbb.sys -> [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH)
64bit-(avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\avgntflt.sys -> [2010/02/16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH)
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaudio.sys -> [2009/04/11 01:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation)
64bit-(PCDSRVC{F36B3A4C-F95654BD-06000000}_0) PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver [Kernel | On_Demand | Stopped] -> c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -> [2009/02/02 14:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.)
64bit-(purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\purendis.sys -> [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.)
64bit-(pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\pnarp.sys -> [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.)
64bit-(rcmirror) rcmirror [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\rcmirror.sys -> [2008/10/09 10:17:06 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\athrx.sys -> [2008/09/18 13:39:50 | 001,168,384 | ---- | M] (Atheros Communications, Inc.)
64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 22:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation)
64bit-(SSPORT) SSPORT [Kernel | Auto | Running] -> C:\Windows\SysNative\Drivers\SSPORT.sys -> [2007/11/09 04:14:06 | 000,011,576 | ---- | M] (Samsung Electronics)
64bit-(DgiVecp) DgiVecp [Kernel | Auto | Stopped] -> C:\Windows\SysNative\Drivers\DgiVecp.sys -> [2007/11/09 04:14:03 | 000,054,072 | ---- | M] (Samsung Electronics)
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 000,001,088 | ---- | M] ()

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> ->
HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: Main\\"Start Page" -> http://www.sympatico.ca/ ->
HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: Main\\"Start Page Redirect Cache" -> http://ca.msn.com/?lang=en-ca&OCID=FW69157 ->
HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-ca ->
HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2010/03/17 13:14:38 | 000,380,731 | R--- | M] - 13161 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2009/01/22 13:36:54 | 000,082,768 | ---- | M] (Microsoft Corp.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2009/01/22 13:36:54 | 000,082,768 | ---- | M] (Microsoft Corp.)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"HP Remote Software" -> C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe] -> [2009/02/06 16:11:34 | 000,172,032 | ---- | M] ()
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009/10/30 15:19:00 | 016,335,976 | ---- | M] (NVIDIA Corporation)
"NVRaidService" -> C:\Windows\SysNative\nvraidservice.exe [C:\Windows\system32\nvraidservice.exe] -> [2008/08/18 22:01:52 | 000,333,344 | ---- | M] (NVIDIA Corporation)
"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe] -> [2009/03/05 21:28:58 | 000,915,512 | ---- | M] (Hewlett-Packard)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 22:47:32 | 001,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/12/04 11:14:48 | 000,075,016 | ---- | M] (Hewlett-Packard)
"hpsysdrv" -> c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
"LifeCam" -> C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe ["C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"] -> [2009/07/24 15:04:54 | 000,118,624 | ---- | M] (Microsoft Corporation)
"Microsoft Default Manager" -> c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ["c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume] -> [2009/02/06 19:03:24 | 000,224,616 | ---- | M] (Microsoft Corp.)
"nmctxth" -> C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe ["C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"] -> [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
"WinPatrol" -> C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe ["C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot] -> [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6772 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6775 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\] > -> HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3368311009-2469713246-989021361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab [DLM Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
Garmin Communicator Plug-In [HKLM] -> https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{C4046FFA-F295-4F6C-A778-51E85819CCD9}\\DhcpNameServer -> 192.168.2.1 (NVIDIA nForce 10/100 Mbps Ethernet ) ->
{F06E95AE-873D-4A14-B963-ADB09E044612}\\DhcpNameServer -> 192.168.2.1 (Atheros 802.11 a/b/g/n Dualband Wireless Network Module) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{38EF6783-16E1-45DF-8905-C363BB1F8BFD} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=network discovery (ssdp-in) | app=c:\windows\system32\svchost.exe | svc=ssdpsrv |
{39E12544-4DDB-4330-9D5B-AA501CF2CE7D} -> lport=67 | profile=private | protocol=17 | dir=in | action=allow | name=dhcp discovery service |
{3BC150BC-912D-4DF3-9187-D50EFC517269} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{6DDA1042-93E4-447D-986F-F1AAF7098009} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{B04C0B4D-1B0A-4D57-871F-5AA06AF9B9FE} -> lport=67 | profile=public | protocol=17 | dir=in | action=allow | name=dhcp discovery service |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{10656355-FE3D-4557-B674-9BCCE9ACCBD1} -> profile=private | protocol=17 | dir=in | action=allow | name=lifetray.exe | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
{125BA303-360C-4F57-8D86-0316BB849144} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{1BFE71D1-EEB5-42F6-9D86-504C4AEE8B95} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
{2E22C464-0D75-4401-9BC1-DA14873C64C6} -> profile=private | protocol=6 | dir=in | action=allow | name=lifeexp.exe | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
{401C2B39-34BD-4A79-A676-F69109EC6D71} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
{42552CF4-0438-4EAB-88EC-B9F477584182} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
{53A833A0-CB46-4028-8A09-07594611CBEE} -> profile=public | protocol=6 | dir=in | action=allow | name=pure networks platform service | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
{56715760-D6D0-46C7-983E-705D512EABF0} -> profile=private | protocol=6 | dir=in | action=allow | name=lifeenc2.exe | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
{573F5E72-2FA8-4CF8-8268-43C7A88AFC90} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{5F18FC26-83F3-4D46-AB34-3351A2E4B8FA} -> profile=public | protocol=17 | dir=in | action=allow | name=pure networks platform service | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
{6A7CA983-CAE7-48FA-A77E-F36B715B2447} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
{799E09D8-06E0-41AD-8E41-22818276C809} -> profile=private | protocol=6 | dir=in | action=allow | name=lifecam.exe | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
{7EB12594-C3D3-4300-8503-59C80264C40B} -> profile=private | protocol=17 | dir=in | action=allow | name=lifecam.exe | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
{846798C5-FD4B-49DB-9147-7D2AD29813E9} -> profile=private | protocol=17 | dir=in | action=allow | name=lifeexp.exe | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
{9316A686-F346-464A-A920-1C6362663FD7} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{9523B479-9C57-4C04-AD35-1A4F9B4C4ECF} -> profile=private | protocol=17 | dir=in | action=allow | name=lifeenc2.exe | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
{96DFF320-9AC1-46B3-A971-4603A575D4FB} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
{9F62DD46-04F5-4344-9A91-B4B40582243D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{A29AF67E-055C-4BC6-8302-EA8E0906EAE3} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
{A3AD3F0C-D0F5-4FB7-9383-3DAA12AD55E2} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
{A55F8018-64B5-4F30-AD93-3810ABD1BE4E} -> profile=private | protocol=6 | dir=in | action=allow | name=lifetray.exe | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
{AC0783F1-A7EE-4533-BDF9-2076495E0619} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{BB974DDC-2381-4DCC-B441-E91280EB164A} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
{C78C8187-EF42-4F6B-9F16-6947E4F8F09A} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{DDC844CE-2666-4DAA-9286-D8C7D932850E} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{DE9D195A-D8CB-4689-BB48-D9977EF7EF82} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
{F9CC31E5-782D-470D-8D7E-D1A03BE1BF58} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
TCP Query User{00DC0845-DA13-41E3-89B1-1E8316DA063F}C:\program files (x86)\microsoft games\age of empires\empires.exe -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
TCP Query User{0C5E105F-C912-43DA-ACA3-E35804122BA0}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
TCP Query User{44CF4DC6-923E-49CA-A818-D90AE5F11FEF}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{0D7B6D5E-CF99-41B2-B24D-55CF47416BBC}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{36DD068B-84FA-45E1-98DB-872635C2139E}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
UDP Query User{9E2A5A2F-0C56-4BBC-80F2-5B65964A096E}C:\program files (x86)\microsoft games\age of empires\empires.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 01:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\J
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\shell
\J\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\shell\AutoRun\command
\J\shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe] -> File not found
\{119443a1-84e5-11de-acbb-0026181a0eee}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{119443a1-84e5-11de-acbb-0026181a0eee}\shell
\{119443a1-84e5-11de-acbb-0026181a0eee}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{119443a1-84e5-11de-acbb-0026181a0eee}\shell\AutoRun\command
\{119443a1-84e5-11de-acbb-0026181a0eee}\shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe] -> File not found
\{3ebff672-840a-11de-95c2-0026181a0eee}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ebff672-840a-11de-95c2-0026181a0eee}\shell
\{3ebff672-840a-11de-95c2-0026181a0eee}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ebff672-840a-11de-95c2-0026181a0eee}\shell\AutoRun\command
\{3ebff672-840a-11de-95c2-0026181a0eee}\shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:18:55 | 000,640,000 | ---- | C] (OldTimer Tools)
Adobe -> C:\Users\Tigris\AppData\Local\Adobe -> [2010/05/04 14:43:20 | 000,000,000 | ---D | C]
Skype -> C:\Program Files (x86)\Common Files\Skype -> [2010/05/03 16:21:42 | 000,000,000 | ---D | C]
Skype -> C:\Program Files (x86)\Skype -> [2010/05/03 16:21:37 | 000,000,000 | R--D | C]
CCleaner -> C:\Program Files (x86)\CCleaner -> [2010/04/29 18:09:19 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Users\Tigris\AppData\Roaming\SUPERAntiSpyware.com -> [2010/04/27 13:58:14 | 000,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files (x86)\SUPERAntiSpyware -> [2010/04/27 13:58:14 | 000,000,000 | ---D | C]
Simon Impot2009 -> C:\Users\Tigris\Desktop\Documents\Simon Impot2009 -> [2010/04/25 19:27:22 | 000,000,000 | ---D | C]
HP -> C:\Program Files (x86)\HP -> [2010/04/21 08:56:45 | 000,000,000 | ---D | C]
HpUpdate -> C:\Users\Tigris\AppData\Roaming\HpUpdate -> [2010/04/21 08:56:07 | 000,000,000 | ---D | C]
Hewlett-Packard -> C:\Windows\Hewlett-Packard -> [2010/04/21 08:56:05 | 000,000,000 | ---D | C]
aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2010/04/15 21:07:21 | 000,022,096 | ---- | C] (ALWIL Software)
aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2010/04/15 21:07:20 | 000,121,936 | ---- | C] (ALWIL Software)
aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2010/04/15 21:07:20 | 000,028,752 | ---- | C] (ALWIL Software)
aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/04/15 21:07:19 | 000,063,568 | ---- | C] (ALWIL Software)
aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2010/04/15 21:07:19 | 000,051,280 | ---- | C] (ALWIL Software)
aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2010/04/15 21:07:05 | 000,153,184 | ---- | C] (ALWIL Software)
avastSS.scr -> C:\Windows\SysWow64\avastSS.scr -> [2010/04/15 21:07:05 | 000,038,848 | ---- | C] (ALWIL Software)
Avira -> C:\Users\Tigris\AppData\Roaming\Avira -> [2010/04/15 19:29:45 | 000,000,000 | ---D | C]
avipbb.sys -> C:\Windows\SysNative\drivers\avipbb.sys -> [2010/04/15 19:21:32 | 000,116,568 | ---- | C] (Avira GmbH)
avgntflt.sys -> C:\Windows\SysNative\drivers\avgntflt.sys -> [2010/04/15 19:21:32 | 000,081,072 | ---- | C] (Avira GmbH)
avgntdd.sys -> C:\Windows\SysWow64\drivers\avgntdd.sys -> [2010/04/15 19:21:32 | 000,051,992 | ---- | C] (AVIRA GmbH)
avgntmgr.sys -> C:\Windows\SysWow64\drivers\avgntmgr.sys -> [2010/04/15 19:21:32 | 000,017,016 | ---- | C] (AVIRA GmbH)
Avira -> C:\ProgramData\Avira -> [2010/04/15 19:21:31 | 000,000,000 | ---D | C]
Avira -> C:\Program Files (x86)\Avira -> [2010/04/15 19:21:31 | 000,000,000 | ---D | C]
wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/14 08:41:48 | 000,218,624 | ---- | C] (Microsoft Corporation)
wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/14 08:41:48 | 000,172,032 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/14 08:41:46 | 004,697,992 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/14 08:41:42 | 000,612,864 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/14 08:41:42 | 000,420,352 | ---- | C] (Microsoft Corporation)
l3codecp.acm -> C:\Windows\SysWow64\l3codecp.acm -> [2010/04/14 08:41:41 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
l3codecp.acm -> C:\Windows\SysNative\l3codecp.acm -> [2010/04/14 08:41:41 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
l3codeca.acm -> C:\Windows\SysNative\l3codeca.acm -> [2010/04/14 08:41:41 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
l3codeca.acm -> C:\Windows\SysWow64\l3codeca.acm -> [2010/04/14 08:41:41 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/14 08:41:40 | 000,104,960 | ---- | C] (Microsoft Corporation)
cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/14 08:41:40 | 000,098,304 | ---- | C] (Microsoft Corporation)
5 C:\Users\Tigris\Desktop\Documents\*.tmp files -> C:\Users\Tigris\Desktop\Documents\*.tmp ->
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\Tigris\ntuser.dat -> [2010/05/05 13:22:29 | 006,029,312 | -HS- | M] ()
OTS.exe -> C:\Users\Tigris\Desktop\OTS.exe -> [2010/05/05 13:19:00 | 000,640,000 | ---- | M] (OldTimer Tools)
Crypted.Gen Picked by Avia and spreading.mht -> C:\Users\Tigris\Desktop\Crypted.Gen Picked by Avia and spreading.mht -> [2010/05/05 13:15:30 | 000,338,190 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:27:08 | 000,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:27:08 | 000,003,616 | -H-- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/05/05 09:32:57 | 000,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/05/05 09:32:57 | 000,599,942 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/05/05 09:32:57 | 000,105,448 | ---- | M] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/05/05 09:27:17 | 000,048,318 | ---- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/05/05 09:27:16 | 000,048,318 | ---- | M] ()
LaunchU3.exe.lnk -> C:\Users\Tigris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk -> [2010/05/05 09:27:15 | 000,002,435 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/05 09:27:15 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/05 09:27:06 | 000,067,584 | --S- | M] ()
ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Tigris\ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/04 20:00:06 | 000,524,288 | -HS- | M] ()
ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TM.blf -> C:\Users\Tigris\ntuser.dat{6bbb3fbb-3098-11df-9c5f-0026181a0eee}.TM.blf -> [2010/05/04 20:00:06 | 000,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Tigris\AppData\Local\IconCache.db -> [2010/05/04 13:37:55 | 002,661,918 | -H-- | M] ()
Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2010/05/03 16:21:42 | 000,001,890 | ---- | M] ()
ResourceServlet.pdf -> C:\Users\Tigris\Desktop\ResourceServlet.pdf -> [2010/05/02 09:30:14 | 000,043,229 | ---- | M] ()
cheque.rtf -> C:\Users\Tigris\Desktop\Documents\cheque.rtf -> [2010/05/01 09:47:39 | 000,000,761 | ---- | M] ()
e-pass Fed Paul.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Fed Paul.rtf -> [2010/04/30 20:04:54 | 000,001,959 | ---- | M] ()
e-pass Monique.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Monique.rtf -> [2010/04/30 19:41:42 | 000,000,478 | ---- | M] ()
ARC-e-pass.rtf -> C:\Users\Tigris\Desktop\Documents\ARC-e-pass.rtf -> [2010/04/30 16:16:11 | 000,001,522 | ---- | M] ()
CCleaner.lnk -> C:\Users\Tigris\Desktop\CCleaner.lnk -> [2010/04/30 13:11:48 | 000,001,726 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/29 12:53:18 | 000,299,952 | ---- | M] ()
Document220.rtf -> C:\Users\Tigris\Desktop\Documents\Document220.rtf -> [2010/04/25 20:11:58 | 000,003,971 | ---- | M] ()
HJT21.rtf -> C:\Users\Tigris\Desktop\Documents\HJT21.rtf -> [2010/04/25 17:54:53 | 000,003,743 | ---- | M] ()
Internet Explorer.lnk -> C:\Users\Tigris\Desktop\Internet Explorer.lnk -> [2010/04/25 12:10:10 | 000,000,981 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Tigris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/23 13:37:19 | 000,015,872 | ---- | M] ()
Samsung Toner.rtf -> C:\Users\Tigris\Desktop\Documents\Samsung Toner.rtf -> [2010/04/23 13:19:34 | 000,000,430 | ---- | M] ()
annexe s.eml -> C:\Users\Tigris\Desktop\Documents\annexe s.eml -> [2010/04/22 19:25:56 | 000,110,258 | ---- | M] ()
annexe s - quebec.eml -> C:\Users\Tigris\Desktop\Documents\annexe s - quebec.eml -> [2010/04/22 19:22:58 | 000,110,284 | ---- | M] ()
redressement t1.eml -> C:\Users\Tigris\Desktop\Documents\redressement t1.eml -> [2010/04/22 19:19:29 | 000,076,389 | ---- | M] ()
t1-adj-08f.pdf -> C:\Users\Tigris\Desktop\Documents\t1-adj-08f.pdf -> [2010/04/22 19:16:11 | 000,053,181 | ---- | M] ()
marie-france&michel.qbk -> C:\Users\Tigris\Desktop\marie-france&michel.qbk -> [2010/04/20 14:27:36 | 000,087,056 | ---- | M] ()
config.nt -> C:\Windows\SysWow64\config.nt -> [2010/04/15 21:10:20 | 000,000,000 | ---- | M] ()
avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2010/04/15 21:07:21 | 000,001,798 | ---- | M] ()
setup_av_free.exe -> C:\Users\Tigris\Desktop\setup_av_free.exe -> [2010/04/15 21:05:13 | 045,942,928 | ---- | M] ()
Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/04/15 19:21:36 | 000,001,903 | ---- | M] ()
avira_antivir_personal_en.exe -> C:\Users\Tigris\Desktop\avira_antivir_personal_en.exe -> [2010/04/15 19:11:46 | 042,281,152 | ---- | M] ()
avastSS.scr -> C:\Windows\SysWow64\avastSS.scr -> [2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software)
aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software)
aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2010/04/14 12:35:51 | 000,051,280 | ---- | M] (ALWIL Software)
aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2010/04/14 12:35:31 | 000,121,936 | ---- | M] (ALWIL Software)
aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2010/04/14 12:31:42 | 000,028,752 | ---- | M] (ALWIL Software)
aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/04/14 12:31:27 | 000,063,568 | ---- | M] (ALWIL Software)
aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2010/04/14 12:31:03 | 000,022,096 | ---- | M] (ALWIL Software)
marie-france&michel.q09 - Shortcut.lnk -> C:\Users\Tigris\Desktop\Documents\marie-france&michel.q09 - Shortcut.lnk -> [2010/04/13 13:13:58 | 000,000,326 | ---- | M] ()
TeamViewer 5.lnk -> C:\Users\Public\Desktop\TeamViewer 5.lnk -> [2010/04/06 15:36:19 | 000,000,999 | ---- | M] ()
TeamViewer_Setup.exe -> C:\Users\Tigris\Desktop\TeamViewer_Setup.exe -> [2010/04/06 15:30:52 | 002,822,656 | ---- | M] ()
Google.url -> C:\Users\Tigris\Desktop\Google.url -> [2010/04/06 12:03:13 | 000,000,208 | ---- | M] ()
5 C:\Users\Tigris\Desktop\Documents\*.tmp files -> C:\Users\Tigris\Desktop\Documents\*.tmp ->
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files - No Company Name]
Crypted.Gen Picked by Avia and spreading.mht -> C:\Users\Tigris\Desktop\Crypted.Gen Picked by Avia and spreading.mht -> [2010/05/05 13:15:27 | 000,338,190 | ---- | C] ()
Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2010/05/03 16:21:42 | 000,001,890 | ---- | C] ()
ResourceServlet.pdf -> C:\Users\Tigris\Desktop\ResourceServlet.pdf -> [2010/05/02 09:30:13 | 000,043,229 | ---- | C] ()
e-pass Fed Paul.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Fed Paul.rtf -> [2010/04/30 19:57:03 | 000,001,959 | ---- | C] ()
e-pass Monique.rtf -> C:\Users\Tigris\Desktop\Documents\e-pass Monique.rtf -> [2010/04/30 19:41:42 | 000,000,478 | ---- | C] ()
CCleaner.lnk -> C:\Users\Tigris\Desktop\CCleaner.lnk -> [2010/04/29 18:09:22 | 000,001,726 | ---- | C] ()
ARC-e-pass.rtf -> C:\Users\Tigris\Desktop\Documents\ARC-e-pass.rtf -> [2010/04/29 14:17:44 | 000,001,522 | ---- | C] ()
IconCache.db -> C:\Users\Tigris\AppData\Local\IconCache.db -> [2010/04/27 19:55:13 | 002,661,918 | -H-- | C] ()
Document220.rtf -> C:\Users\Tigris\Desktop\Documents\Document220.rtf -> [2010/04/25 20:11:58 | 000,003,971 | ---- | C] ()
hijackthis22.log -> C:\Users\Tigris\hijackthis22.log -> [2010/04/25 20:11:00 | 000,010,699 | ---- | C] ()
HJT21.rtf -> C:\Users\Tigris\Desktop\Documents\HJT21.rtf -> [2010/04/25 17:54:27 | 000,003,743 | ---- | C] ()
Internet Explorer.lnk -> C:\Users\Tigris\Desktop\Internet Explorer.lnk -> [2010/04/25 12:10:10 | 000,000,981 | ---- | C] ()
Samsung Toner.rtf -> C:\Users\Tigris\Desktop\Documents\Samsung Toner.rtf -> [2010/04/23 13:17:31 | 000,000,430 | ---- | C] ()
annexe s.eml -> C:\Users\Tigris\Desktop\Documents\annexe s.eml -> [2010/04/22 19:25:55 | 000,110,258 | ---- | C] ()
annexe s - quebec.eml -> C:\Users\Tigris\Desktop\Documents\annexe s - quebec.eml -> [2010/04/22 19:22:57 | 000,110,284 | ---- | C] ()
redressement t1.eml -> C:\Users\Tigris\Desktop\Documents\redressement t1.eml -> [2010/04/22 19:19:28 | 000,076,389 | ---- | C] ()
t1-adj-08f.pdf -> C:\Users\Tigris\Desktop\Documents\t1-adj-08f.pdf -> [2010/04/22 19:16:11 | 000,053,181 | ---- | C] ()
cheque.rtf -> C:\Users\Tigris\Desktop\Documents\cheque.rtf -> [2010/04/22 16:52:51 | 000,000,761 | ---- | C] ()
avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2010/04/15 21:07:21 | 000,001,798 | ---- | C] ()
dd_vcredistMSI5279.txt -> C:\Users\Tigris\AppData\Local\dd_vcredistMSI5279.txt -> [2010/04/15 21:07:11 | 000,376,122 | ---- | C] ()
dd_vcredistUI5279.txt -> C:\Users\Tigris\AppData\Local\dd_vcredistUI5279.txt -> [2010/04/15 21:07:10 | 000,011,442 | ---- | C] ()
setup_av_free.exe -> C:\Users\Tigris\Desktop\setup_av_free.exe -> [2010/04/15 21:05:11 | 045,942,928 | ---- | C] ()
Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/04/15 19:21:36 | 000,001,903 | ---- | C] ()
avira_antivir_personal_en.exe -> C:\Users\Tigris\Desktop\avira_antivir_personal_en.exe -> [2010/04/15 19:11:46 | 042,281,152 | ---- | C] ()
Simon Impot 2009.pdf -> C:\Users\Tigris\Desktop\Simon Impot 2009.pdf -> [2010/04/13 16:46:17 | 000,253,706 | ---- | C] ()
marie-france&michel.qbk -> C:\Users\Tigris\Desktop\marie-france&michel.qbk -> [2010/04/13 13:36:15 | 000,087,056 | ---- | C] ()
marie-france&michel.q09 - Shortcut.lnk -> C:\Users\Tigris\Desktop\Documents\marie-france&michel.q09 - Shortcut.lnk -> [2010/04/13 13:13:58 | 000,000,326 | ---- | C] ()
TeamViewer 5.lnk -> C:\Users\Public\Desktop\TeamViewer 5.lnk -> [2010/04/06 15:36:19 | 000,000,999 | ---- | C] ()
TeamViewer_Setup.exe -> C:\Users\Tigris\Desktop\TeamViewer_Setup.exe -> [2010/04/06 15:30:38 | 002,822,656 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/09/11 10:15:17 | 000,117,248 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/09/11 10:14:26 | 000,368,640 | ---- | C] ()
pythoncom26.dll -> C:\Windows\SysWow64\pythoncom26.dll -> [2009/05/20 15:18:30 | 000,354,816 | ---- | C] ()
pywintypes26.dll -> C:\Windows\SysWow64\pywintypes26.dll -> [2009/05/20 15:18:30 | 000,108,032 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 22:50:05 | 000,060,124 | ---- | C] ()
ineyuni.dll -> C:\Windows\SysWow64\ineyuni.dll -> [2008/01/20 22:49:18 | 000,026,626 | ---- | C] ()
HPBroker.dll -> C:\Windows\HPBroker.dll -> [2008/01/14 17:47:06 | 000,099,712 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 11:07:25 | 000,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 11:07:25 | 000,026,040 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 733 bytes -> C:\Users\Tigris\Desktop\Documents\annexe s.eml:OECustomProperty
@Alternate Data Stream - 769 bytes -> C:\Users\Tigris\Desktop\Documents\redressement t1.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\Tigris\Desktop\Documents\annexe s - quebec.eml:OECustomProperty
< End of report >
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
Nothing wrong there.

What files does Avira find as infected?
 

ti-gris

Thread Starter
Joined
Apr 23, 2005
Messages
205
dvk01
Sorry, that was 13 days ago. They were put in the chest and now they are gone!! Scanned with Avast and nothing is there anymore. Had jotted them down on a piece of paper but can't find it. Let's say it's clean, and I remember two of them were temp files, so I cleaned it two days after my original post. Any idea about all those O23 entries with "file missing"? Thank you for your time.
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
The missing files aren't missing and are all needed, legitimate services on W7.
It is a bug in HJT that it can't read services etc. on a 64-bit computer.
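The reason a 32-bit scanner such as HijackThis reports "(file missing)" for healthy services on 64-bit Windows is WOW64 file system redirection: when a 32-bit process opens a path under C:\Windows\System32, Windows silently hands it C:\Windows\SysWOW64 instead, so a 64-bit-only service binary looks absent; the real System32 is only reachable from a 32-bit process through the C:\Windows\Sysnative alias. The following script is an added example (not code from this thread or from HijackThis) that parses O23 lines and re-checks every "(file missing)" path through the Sysnative alias before calling it missing. The O23 sample lines, the fake on-disk file table and the wow64_view() simulation of the redirection are constructed so the script runs anywhere; on a real machine you would pass os.path.exists as the lookup from a 32-bit Python.

```python
"""Verify HijackThis O23 '(file missing)' entries against the WOW64 redirection quirk.

Added example, not part of the thread or of HijackThis. The O23 lines, the
REAL_FILES table and wow64_view() are constructed to simulate a 64-bit machine.
"""
import os
import re
from typing import Callable, Dict, Iterable, Optional, Tuple

# One O23 line as HijackThis prints it: "display name (service) - owner - path[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
MISSING_TAG = " (file missing)"
SYSTEM32 = "c:\\windows\\system32\\"     # compared case-insensitively
SYSNATIVE = "C:\\Windows\\Sysnative\\"   # alias that bypasses WOW64 redirection
SYSWOW64 = "c:\\windows\\syswow64\\"


def parse_o23(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (name, owner, path) for an O23 line, None for any other HJT line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.endswith(MISSING_TAG):
        path = path[: -len(MISSING_TAG)]
    return m.group("name"), m.group("owner"), path.strip().strip('"')


def sysnative_alias(path: str) -> Optional[str]:
    """Sysnative form of a System32 path, or None when the path is not under System32."""
    if path.lower().startswith(SYSTEM32):
        return SYSNATIVE + path[len(SYSTEM32):]
    return None


def classify(lines: Iterable[str], exists: Callable[[str], bool]) -> Dict[str, str]:
    """Map each service to 'present', 'missing', or 'present (64-bit only; ...)'.

    `exists` is the file lookup as seen by the scanning process; from a 32-bit
    process on x64 that is exactly where System32 gets redirected.
    """
    result: Dict[str, str] = {}
    for line in lines:
        parsed = parse_o23(line)
        if parsed is None:
            continue
        name, _owner, path = parsed
        if exists(path):
            result[name] = "present"
            continue
        alias = sysnative_alias(path)
        if alias is not None and exists(alias):
            result[name] = "present (64-bit only; hidden from 32-bit tools)"
        else:
            result[name] = "missing"
    return result


# --- constructed fixture: what is really on the (simulated) 64-bit disk ---
REAL_FILES = {
    "c:\\windows\\system32\\example64.exe",   # constructed 64-bit-only service binary
    "c:\\windows\\system32\\svchost.exe",     # present in both 64- and 32-bit flavours
    "c:\\windows\\syswow64\\svchost.exe",
}


def wow64_view(path: str) -> str:
    """Path a 32-bit process really opens when it asks for `path` (simulated redirection)."""
    p = path.lower()
    if p.startswith(SYSNATIVE.lower()):
        return SYSTEM32 + p[len(SYSNATIVE):]
    if p.startswith(SYSTEM32):
        return SYSWOW64 + p[len(SYSTEM32):]
    return p


def exists_as_32bit_process(path: str) -> bool:
    """File lookup as a 32-bit scanner on 64-bit Windows would experience it."""
    return wow64_view(path) in REAL_FILES


# Constructed O23 lines in HijackThis format (service names are made up).
SAMPLE_LOG = [
    "O23 - Service: Example 64 Service (Example64) - Unknown owner - C:\\Windows\\System32\\example64.exe (file missing)",
    "O23 - Service: Host Process (svchost) - Microsoft Corporation - C:\\Windows\\System32\\svchost.exe",
    "O23 - Service: Gone Service (Gone) - Unknown owner - C:\\Program Files (x86)\\Gone\\gone.exe (file missing)",
    "O2 - BHO: not a service line, ignored by the parser",
]

if __name__ == "__main__":
    # On a real box from 32-bit Python: classify(lines, os.path.exists)
    for svc, status in classify(SAMPLE_LOG, exists_as_32bit_process).items():
        print(f"{svc}: {status}")
```

Only the entry whose binary is genuinely absent stays "missing"; the System32 one that HijackThis flagged is reported present once the Sysnative alias is tried, which is the distinction worth making before treating an O23 "(file missing)" line as evidence of tampering.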
 

ti-gris

Thread Starter
Joined
Apr 23, 2005
Messages
205
dvk01
Thank you for your reply. I'll mark "Solved". By the way, I'm using Vista, but it's 64. So these files are legit. (y)
 