
'I am alive!' appearing when I click certain links

Discussion in 'Virus & Other Malware Removal' started by 15Peter20, Jan 24, 2011.

Thread Status:
Not open for further replies.
  1. 15Peter20

    15Peter20 Thread Starter

    Joined:
    Oct 25, 2007
    Messages:
    86
    Today I clicked on a couple of links on sites and got 'I am alive!' in plain text and nothing else.

    This is obviously indicative of some problem, but I can't work out what. Several virus scans reveal nothing.

    I did a search and people with this problem seemed to have had their wireless routers cracked. This isn't applicable to me since I'm not on wireless.

    I'm assuming that my...ordinary, non-wireless router has been cracked. Is there anything I can do about this?
     
  2. 15Peter20

    15Peter20 Thread Starter

    As an unemployed loser, I need to find a solution to this problem pretty quickly. I can't log in to my email if there's a chance of malware / a keylogger on my system, and I need my email to look for work. If there is ANYTHING you guys can offer by way of advice I would be very grateful.
     
  3. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Hello 15Peter20 and welcome to the TSG forum.

    My name is Satchfan and I would be glad to help you with your computer problem. Please read the following guidelines which will help to make cleaning your machine easier:



    • Please do not install/uninstall any programs unless asked to.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • If you don't understand something, please don't hesitate to ask for clarification before proceeding
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
    Please note that I am still in training and my replies need to be checked by an expert in order for you to receive the best possible advice. This may result in a small delay between my posts but I shall try to keep this to a minimum.


    I will post back with instructions as soon as possible.

    Satchfan
     
  4. 15Peter20

    15Peter20 Thread Starter

    That would be awesome, thanks.
     
  5. Satchfan

    Satchfan Malware Specialist

    Hello again 15Peter20

    It appears that your router settings may have been changed. We’ll try resetting the router and then find out what caused it. Be aware of the fact that it’s possible that after resetting the router it will be affected again but don’t worry, we will get the culprit.

    First

    Reset the Router


    Let’s try to reset the router to its default configuration.


    • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
    • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
    • If you don’t know the router's default password, you can look it up here.
    • You also need to reconfigure any security settings you had in place prior to the reset.
    • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
    Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

    Next

    Flush the DNS cache



    • Now go to Start > Run > type: cmd
    • Press OK or Hit Enter.
    • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
    • Hit Enter.
    • You will get a confirmation that the flush was successful.
    • Close the command box.

    Download and run OTL



    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

    Download the GMER Rootkit Scanner

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • All drives/partitions except C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Logs to include with next post:

    OTL.txt
    Extras.txt
    Gmer.txt

    Thanks

    Satchfan
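
An added example (not written by either poster) of the check behind the advice above to confirm which DNS servers the network should be using: it pulls resolver addresses out of `ipconfig /all` output or an OTL `O17` line and compares them with the ISP's list. The sample text, the `ISP_RESOLVERS` values and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : 31 January 2011 08:00:00
"""

# Constructed line in the O17 format that OTL uses for name-server settings.
SAMPLE_OTL_O17 = (r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: "
                  r"DhcpNameServer = 192.168.1.1 198.51.100.7")

# Assumption: the resolver list obtained from the ISP (documentation address).
ISP_RESOLVERS = ["198.51.100.7"]

DNS_LABEL = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S*)\s*$")
O17_LINE = re.compile(r"^\s*O17 - .*\b(?:Dhcp)?NameServer = (.*)$")
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _as_ip(token):
    """Return an ip_address for token, or None if it is not an address."""
    try:
        return ipaddress.ip_address(token.strip(" \t,"))
    except ValueError:
        return None


def extract_resolvers(text):
    """Collect DNS server addresses from ipconfig output or OTL O17 lines."""
    resolvers, in_dns_block = [], False
    for line in text.splitlines():
        label, o17 = DNS_LABEL.match(line), O17_LINE.match(line)
        if label:
            tokens, in_dns_block = [label.group(1)], True
        elif o17:
            tokens, in_dns_block = o17.group(1).split(), False
        elif in_dns_block and _as_ip(line) is not None:
            tokens = [line]  # extra servers sit alone on the following lines
        else:
            in_dns_block = False
            continue
        for tok in tokens:
            ip = _as_ip(tok)
            if ip is not None and ip not in resolvers:
                resolvers.append(ip)
    return resolvers


def classify(resolvers, isp_resolvers):
    """Label each resolver: expected, lan-forwarder, or unexpected."""
    expected = {ipaddress.ip_address(a) for a in isp_resolvers}
    report = {}
    for ip in resolvers:
        if ip in expected:
            report[str(ip)] = "expected"
        elif any(ip in net for net in LAN_NETS):
            # The PC only asks the router; the router's own upstream DNS
            # setting still has to be checked on its admin page.
            report[str(ip)] = "lan-forwarder"
        else:
            report[str(ip)] = "unexpected"
    return report


if __name__ == "__main__":
    for name, text in (("ipconfig", SAMPLE_IPCONFIG), ("OTL", SAMPLE_OTL_O17)):
        print(name, classify(extract_resolvers(text), ISP_RESOLVERS))
```

A `lan-forwarder` result says nothing either way about a hijack: the PC is only pointing at the router, so the upstream DNS servers have to be read from the router's own settings and compared with the ISP's list.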
     
  6. 15Peter20

    15Peter20 Thread Starter

    Thanks so much for the help, and I'm probably trying your patience a little here, but I'm not sure how to do this part, sorry.

    Will it be obvious how to do it when I reset the router, or do I need to know going in?
     
  7. Satchfan

    Satchfan Malware Specialist

    Hi 15Peter20

    I have plenty of patience and would rather you asked questions when you don’t understand. Many people make things harder by not asking. We’ll take it as slowly as necessary but you may be the one who needs patience as I have to get an expert to check my answers before I can post back to you.

    OK, let’s try this.

    First

    Can you see a small hole at the back of your router labelled “Reset”? If you can, try inserting something tiny like a paper clip end or pencil tip into it and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If that goes OK, do the next step and if not, let me know.

    Next

    Go back to your computer and do this:
    • click on Start, Run then type in cmd
    • press OK or hit Enter.
    • when the black screen appears, type in ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
    • Hit Enter.
    • You will get a confirmation that what you did was successful.
    • Close that window.
    If you managed the instructions above that’s good. If not, just try to do the following:



    Download and run OTL
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
    Download the GMER Rootkit Scanner

    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following
      • IAT/EAT
      • All drives/partitions except C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Logs to include with next post:

    OTL.txt
    Extras.txt
    Gmer.txt

    Thanks

    Satchfan

     
  8. 15Peter20

    15Peter20 Thread Starter

    Sorry if I was unclear, I meant I don't know how to change my router's password.
     
  9. Satchfan

    Satchfan Malware Specialist

    15Peter20

    Apologies, I misunderstood.

    Please let me know the make, model and serial number which should be found on the back of the router.
     
  10. 15Peter20

    15Peter20 Thread Starter

    My router is a D-Link DSL-2640-R.

    The serial number is PV0D296027804.
     
  11. Satchfan

    Satchfan Malware Specialist

    15Peter20

    This is assuming that you didn’t reset the password previously: if you did, replace admin with the old password:

    1. Open your browser
    2. Type in the default IP address of the router in your browser (default IP is 192.168.1.1)
    3. Log in using the default username and password (username: admin, password: admin)
    4. Click on Maintenance at the top of the screen and then click on the Password option on the left.
    5. Under 'Current Password', type in the default password (admin)
    6. Under 'New Password', type in your new password. Type in the same password under 'Confirm Password'.
    7. Click on the ApplySettings button at the bottom of the screen.
    8. Click on the Reboot button on the left to reboot the router with the new settings.
    If this and resetting the router were successful, please follow the previous instructions to run the scans.

    If you are still having problems, please let me know.

    Satchfan
     
  12. 15Peter20

    15Peter20 Thread Starter

    cheers

    OTL

    OTL logfile created on: 31/01/2011 08:45:37 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\John\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 42.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 278.55 Gb Total Space | 48.47 Gb Free Space | 17.40% Space Free | Partition Type: NTFS
    Drive D: | 19.52 Gb Total Space | 7.56 Gb Free Space | 38.71% Space Free | Partition Type: FAT32
    Drive I: | 223.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: USERONE-0018106 | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Opera\opera.exe (Opera Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (adiusbaw) -- C:\WINDOWS\system32\drivers\adiusbaw.sys (Analog Devices Inc.)
    DRV - (ELOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\system32\drivers\adildr.sys (Analog Deivces)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Cap7134) -- C:\WINDOWS\system32\drivers\vm7133.sys (VidzMedia Pte Ltd)
    DRV - (vmPhTune) MonsterTV TV Tuner (Combined) -- C:\WINDOWS\system32\drivers\vmPhTune.sys (VidzMedia Pte. Ltd.)
    DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
    DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.mytalktalk.net
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: " http://www.mytalktalk.co.uk"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
    FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/03 12:25:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/14 08:35:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 11:05:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/03 13:25:25 | 000,000,000 | ---D | M]

    [2010/08/14 15:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
    [2011/01/10 11:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cw6j22i2.default\extensions
    [2010/12/10 23:39:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cw6j22i2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/01/10 11:11:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cw6j22i2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/08/14 22:17:51 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cw6j22i2.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
    [2010/12/28 12:50:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cw6j22i2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/14 15:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/03 12:25:29 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/01/14 08:35:07 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2011/01/03 13:25:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2011/01/03 13:25:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2011/01/03 13:25:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2011/01/08 11:06:17 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
    [2011/01/03 13:25:20 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2006/03/15 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/03 11:29:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/04/19 11:37:34 | 000,000,029 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56308606093492224)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/31 08:44:16 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
    [2011/01/30 23:04:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
    [2011/01/26 14:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/01/26 14:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/01/26 14:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
    [2011/01/26 14:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/26 14:15:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/01/26 14:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/01/26 14:15:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/01/26 14:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/24 17:06:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/01/24 16:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Avira
    [2011/01/24 16:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/01/24 16:55:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/01/24 16:55:29 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/01/24 16:55:29 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/01/24 16:55:29 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/01/24 16:55:29 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/01/24 16:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/01/24 16:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/01/23 00:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Noah And The Whale - Peaceful, The World Lays Me Down - 2008 V0
    [2011/01/14 11:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Anna Calvi - (2011) - Anna Calvi (V0)
    [2011/01/08 11:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    [2011/01/08 11:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
    [2011/01/08 11:01:51 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
    [2011/01/08 11:01:50 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBFCE.DLL
    [2011/01/08 11:01:50 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BFCE.DLL
    [2011/01/08 11:00:58 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
    [2011/01/07 19:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
    [2011/01/07 19:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
    [2011/01/07 18:58:39 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
    [2011/01/07 18:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
    [2011/01/07 16:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2011/01/07 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
    [2011/01/07 16:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
    [2011/01/07 16:26:00 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
    [2011/01/07 16:26:00 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
    [2011/01/07 16:26:00 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
    [2011/01/07 16:26:00 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
    [2011/01/07 16:26:00 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
    [2011/01/07 16:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2011/01/07 16:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\epson
    [2011/01/02 18:20:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/01/02 18:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Return To The Winners Circle.zip
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [14 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/31 08:44:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
    [2011/01/31 08:33:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/31 07:31:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/01/31 07:31:40 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-261478967-839522115-1003.job
    [2011/01/31 07:31:36 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/31 07:31:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-261478967-839522115-500.job
    [2011/01/31 07:31:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-261478967-839522115-1004.job
    [2011/01/31 07:31:08 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/01/31 07:30:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/30 12:15:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-261478967-839522115-1004.job
    [2011/01/29 14:44:08 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/29 14:44:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/01/28 16:33:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-261478967-839522115-500.job
    [2011/01/28 12:08:31 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2011/01/28 12:08:31 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2011/01/28 08:42:37 | 183,430,384 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Community.S02E13.HDTV.XviD-LOL.avi
    [2011/01/28 00:50:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-261478967-839522115-1003.job
    [2011/01/27 23:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/27 22:34:53 | 136,383,336 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Catherine Christer Hennix - The Electric Harpischord (2010) (V0).rar
    [2011/01/26 14:40:04 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\John\Desktop\sdsetup.exe
    [2011/01/26 14:15:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/26 12:15:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/24 16:55:47 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/01/23 19:09:32 | 015,314,712 | ---- | M] () -- C:\Documents and Settings\John\My Documents\and-Oud-For-Variations-Whitman-Fullerton-Keith_Sparhawk.rar
    [2011/01/23 11:35:24 | 077,419,954 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Les Savy Fav - Root for Ruin (2010) [MP3-V0].zip
    [2011/01/22 23:00:16 | 190,302,223 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Rich_Hall_-_How_the_West_was_Lost.part3.rar
    [2011/01/22 22:45:38 | 209,715,200 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Rich_Hall_-_How_the_West_was_Lost.part2.rar
    [2011/01/22 22:27:23 | 209,715,200 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Rich_Hall_-_How_the_West_was_Lost.part1.rar
    [2011/01/22 16:12:18 | 736,370,794 | ---- | M] () -- C:\Documents and Settings\John\My Documents\The.Kings.Speech.2010.SCR.XviD-nCODE.avi
    [2011/01/21 12:27:00 | 183,392,256 | ---- | M] () -- C:\Documents and Settings\John\My Documents\community.212.hdtv-lol.avi
    [2011/01/20 12:53:43 | 495,822,653 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Let.Me.In.2010.R6.DVDrip.x264-www.divxt.net_by.tenzin.mkv
    [2011/01/19 23:55:12 | 733,896,704 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Biggie and Tupac (2002) DVDRip XviD iNTERNAL - TDF.avi
    [2011/01/19 23:16:45 | 082,614,704 | ---- | M] () -- C:\Documents and Settings\John\My Documents\The_Get_Up_Kids-There_Are_Rules-2011.zip
    [2011/01/19 23:06:40 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\John\My Documents\let me in.avi
    [2011/01/19 23:00:58 | 001,494,220 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Let.Me.In.2010.DVDRIP.READNFO.XViD-T0XiC-iNKFullDownloadZone.org.avi
    [2011/01/19 16:40:34 | 001,494,220 | ---- | M] () -- C:\Documents and Settings\John\My Documents\OneClickMoviez.Com-Let.Me.In-T0XiC-iNK.avi
    [2011/01/18 13:11:46 | 367,238,738 | ---- | M] () -- C:\Documents and Settings\John\My Documents\skins.us.0101.hdtv.xvid-notv.avi
    [2011/01/17 14:36:37 | 183,404,555 | ---- | M] () -- C:\Documents and Settings\John\My Documents\family.guy.910.hdtv-lol.avi
    [2011/01/15 14:36:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/01/14 11:53:45 | 073,924,301 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Anna Calvi - (2011) - Anna Calvi (V0).zip
    [2011/01/13 08:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/01/13 08:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/01/13 08:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/01/13 08:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/01/13 08:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/01/13 08:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/01/13 08:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/01/13 08:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/01/13 08:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/01/11 12:13:31 | 000,179,200 | ---- | M] () -- C:\Documents and Settings\John\My Documents\JD _ PS Bank Relief Support Worker 1010.doc
    [2011/01/10 17:21:16 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\John\My Documents\bankletter.doc
    [2011/01/10 12:10:29 | 183,415,606 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Family.Guy.S09E09.HDTV.XviD-LOL.avi
    [2011/01/08 10:45:45 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Stylus SX210_SX410_TX210_TX410 Manual.lnk
    [2011/01/08 10:45:08 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
    [2011/01/07 19:02:03 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
    [2011/01/05 18:19:52 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Proof of Eligibility ID List.doc
    [2011/01/05 18:19:46 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Authorisation for Credit Searches.doc
    [2011/01/05 18:19:40 | 000,177,664 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Candidate Checklist and Preferences Form.doc
    [2011/01/05 18:19:31 | 000,227,328 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Personal Details Form.doc
    [2011/01/03 13:03:56 | 1017,465,772 | ---- | M] () -- C:\Documents and Settings\John\My Documents\EliteArchive.Com_The Fighter 2010 SCREENER XViD-WBZ.avi
    [2011/01/02 16:58:01 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\John\My Documents\OneClickMoviez.Com-Fighter-IMAGiNE.avi
    [2011/01/02 13:27:45 | 1457,517,343 | ---- | M] () -- C:\Documents and Settings\John\My Documents\OneClickMoviez.Com-TrueGrit-IMAGiNE.avi
    [2011/01/02 12:02:56 | 080,357,108 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Return To The Winners Circle.zip
    [2011/01/01 17:03:48 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\John\My Documents\covering letter.doc
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [14 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/28 12:08:31 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2011/01/28 12:08:31 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
    [2011/01/28 12:08:31 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2011/01/28 08:35:51 | 183,430,384 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Community.S02E13.HDTV.XviD-LOL.avi
    [2011/01/26 14:40:29 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\John\Desktop\sdsetup.exe
    [2011/01/26 14:15:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/24 16:55:47 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/01/23 19:06:38 | 015,314,712 | ---- | C] () -- C:\Documents and Settings\John\My Documents\and-Oud-For-Variations-Whitman-Fullerton-Keith_Sparhawk.rar
    [2011/01/23 11:29:07 | 077,419,954 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Les Savy Fav - Root for Ruin (2010) [MP3-V0].zip
    [2011/01/22 23:00:37 | 609,731,246 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Rich Hall - How the West was Lost.avi
    [2011/01/22 22:46:19 | 190,302,223 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Rich_Hall_-_How_the_West_was_Lost.part3.rar
    [2011/01/22 22:29:24 | 209,715,200 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Rich_Hall_-_How_the_West_was_Lost.part2.rar
    [2011/01/22 22:06:52 | 209,715,200 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Rich_Hall_-_How_the_West_was_Lost.part1.rar
    [2011/01/22 15:39:44 | 736,370,794 | ---- | C] () -- C:\Documents and Settings\John\My Documents\The.Kings.Speech.2010.SCR.XviD-nCODE.avi
    [2011/01/21 12:20:32 | 183,392,256 | ---- | C] () -- C:\Documents and Settings\John\My Documents\community.212.hdtv-lol.avi
    [2011/01/20 12:33:35 | 495,822,653 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Let.Me.In.2010.R6.DVDrip.x264-www.divxt.net_by.tenzin.mkv
    [2011/01/19 23:41:01 | 733,896,704 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Biggie and Tupac (2002) DVDRip XviD iNTERNAL - TDF.avi
    [2011/01/19 23:10:09 | 082,614,704 | ---- | C] () -- C:\Documents and Settings\John\My Documents\The_Get_Up_Kids-There_Are_Rules-2011.zip
    [2011/01/19 23:04:36 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\John\My Documents\let me in.avi
    [2011/01/19 16:50:19 | 001,494,220 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Let.Me.In.2010.DVDRIP.READNFO.XViD-T0XiC-iNKFullDownloadZone.org.avi
    [2011/01/19 16:39:42 | 001,494,220 | ---- | C] () -- C:\Documents and Settings\John\My Documents\OneClickMoviez.Com-Let.Me.In-T0XiC-iNK.avi
    [2011/01/18 12:57:48 | 367,238,738 | ---- | C] () -- C:\Documents and Settings\John\My Documents\skins.us.0101.hdtv.xvid-notv.avi
    [2011/01/17 14:30:19 | 183,404,555 | ---- | C] () -- C:\Documents and Settings\John\My Documents\family.guy.910.hdtv-lol.avi
    [2011/01/14 11:47:56 | 073,924,301 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Anna Calvi - (2011) - Anna Calvi (V0).zip
    [2011/01/11 12:13:30 | 000,179,200 | ---- | C] () -- C:\Documents and Settings\John\My Documents\JD _ PS Bank Relief Support Worker 1010.doc
    [2011/01/10 17:21:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\John\My Documents\bankletter.doc
    [2011/01/10 12:06:55 | 183,415,606 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Family.Guy.S09E09.HDTV.XviD-LOL.avi
    [2011/01/07 19:02:03 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
    [2011/01/07 18:59:13 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Stylus SX210_SX410_TX210_TX410 Manual.lnk
    [2011/01/07 18:58:40 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
    [2011/01/07 18:20:41 | 733,997,056 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Jim.Jefferies.Alcoholocaust.Live.2010.DVDRiP.XViD-iAFM.avi
    [2011/01/07 16:26:00 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2011/01/07 16:26:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2011/01/07 16:26:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2011/01/07 16:26:00 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2011/01/07 16:26:00 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2011/01/07 16:26:00 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2011/01/07 16:26:00 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2011/01/07 16:26:00 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
    [2011/01/07 16:26:00 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2011/01/07 16:26:00 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
    [2011/01/07 16:26:00 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
    [2011/01/07 16:26:00 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
    [2011/01/07 16:26:00 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
    [2011/01/07 16:26:00 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
    [2011/01/07 16:26:00 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
    [2011/01/07 16:26:00 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
    [2011/01/07 16:26:00 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
    [2011/01/07 16:26:00 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
    [2011/01/07 16:26:00 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
    [2011/01/07 16:26:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2011/01/07 16:26:00 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
    [2011/01/07 16:26:00 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
    [2011/01/07 16:26:00 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2011/01/07 16:26:00 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2011/01/07 16:26:00 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2011/01/07 16:26:00 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2011/01/07 16:26:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2011/01/07 16:26:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2011/01/07 16:26:00 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2011/01/07 16:26:00 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2011/01/07 16:26:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2011/01/07 16:26:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2011/01/05 18:19:52 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Proof of Eligibility ID List.doc
    [2011/01/05 18:19:46 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Authorisation for Credit Searches.doc
    [2011/01/05 18:19:40 | 000,177,664 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Candidate Checklist and Preferences Form.doc
    [2011/01/05 18:19:31 | 000,227,328 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Personal Details Form.doc
    [2011/01/03 12:10:48 | 1017,465,772 | ---- | C] () -- C:\Documents and Settings\John\My Documents\EliteArchive.Com_The Fighter 2010 SCREENER XViD-WBZ.avi
    [2011/01/02 16:58:01 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\John\My Documents\OneClickMoviez.Com-Fighter-IMAGiNE.avi
    [2011/01/02 12:28:32 | 1457,517,343 | ---- | C] () -- C:\Documents and Settings\John\My Documents\OneClickMoviez.Com-TrueGrit-IMAGiNE.avi
    [2011/01/02 11:56:29 | 080,357,108 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Return To The Winners Circle.zip
    [2010/08/22 19:41:45 | 000,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini
    [2010/08/22 19:41:45 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
    [2010/08/22 19:41:38 | 000,001,157 | ---- | C] () -- C:\WINDOWS\adiras.ini
    [2010/08/22 19:41:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
    [2010/08/22 19:41:34 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
    [2010/08/07 16:56:05 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/06 13:08:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/03 13:18:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/03 12:09:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2010/08/03 12:06:57 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
    [2010/08/03 12:06:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/03 12:04:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2006/10/29 13:16:38 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/29 13:16:36 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/29 13:16:32 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/08/13 07:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/01/08 11:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/08/15 19:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
    [2011/01/27 11:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/01/07 19:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2010/08/03 12:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X10 Settings
    [2010/08/03 13:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/08/07 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Opera
    [2010/12/19 18:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\SEGA
    [2010/10/03 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/03 11:29:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/04 15:50:56 | 000,000,209 | -HS- | M] () -- C:\boot.ini
    [2010/08/03 11:29:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/03 11:29:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/03 11:29:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/15 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/09/13 12:02:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/31 07:30:39 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/03 12:44:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/08/03 13:19:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/08/06 17:57:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/08/07 09:21:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/08/03 12:44:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/08/03 13:19:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/08/06 17:57:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/08/07 09:21:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/01/25 10:48:41 | 000,038,872 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_25.01.2011_10.48.16_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/08/03 11:29:09 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/01/13 08:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/08/03 12:05:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/08/03 12:05:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/08/03 12:05:00 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/09/13 12:07:30 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/06 14:31:49 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/08/06 14:31:48 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/31 08:44:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
    [2011/01/26 14:40:04 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\John\Desktop\sdsetup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2010/12/19 17:29:37 | 000,000,880 | ---- | C] ()(C:\Documents and Settings\John\My Documents\ReadMe - ??????.txt) -- C:\Documents and Settings\John\My Documents\ReadMe - Прочти.txt
    [2010/12/11 23:28:14 | 000,000,880 | ---- | M] ()(C:\Documents and Settings\John\My Documents\ReadMe - ??????.txt) -- C:\Documents and Settings\John\My Documents\ReadMe - Прочти.txt

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  13. 15Peter20

    15Peter20 Thread Starter

    Joined:
    Oct 25, 2007
    Messages:
    86
    Extras

    OTL Extras logfile created on: 31/01/2011 08:45:37 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\John\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 42.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 278.55 Gb Total Space | 48.47 Gb Free Space | 17.40% Space Free | Partition Type: NTFS
    Drive D: | 19.52 Gb Total Space | 7.56 Gb Free Space | 38.71% Space Free | Partition Type: FAT32
    Drive I: | 223.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: USERONE-0018106 | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = TalkTalk Broadband
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Premium
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CCleaner" = CCleaner
    "EPSON Scanner" = EPSON Scan
    "Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
    "EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Opera 11.01.1190" = Opera 11.01
    "PeerGuardian_is1" = PeerGuardian 2.0
    "Picasa 3" = Picasa 3
    "RealPlayer 12.0" = RealPlayer
    "Soulseek2" = SoulSeek 157 NS 13e
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.2
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 03/08/2010 09:10:22 | Computer Name = USERONE-0018106 | Source = avast! | ID = 33554522
    Description =

    Error - 03/08/2010 09:10:22 | Computer Name = USERONE-0018106 | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 09/12/2010 05:56:01 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 09/12/2010 15:21:07 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 09/12/2010 19:07:12 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 09/12/2010 19:30:32 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 10/12/2010 04:25:34 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 10/12/2010 09:44:23 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 11/12/2010 06:02:18 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 11/12/2010 07:28:54 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 11/12/2010 11:59:40 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    Error - 12/12/2010 04:45:09 | Computer Name = USERONE-0018106 | Source = Media Center Receiver | ID = 4
    Description = TV tuner malfunction. (0x80040265) MonsterTV TV Tuner (Combined)

    [ System Events ]
    Error - 30/01/2011 09:11:31 | Computer Name = USERONE-0018106 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 021617E25601 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 30/01/2011 09:11:55 | Computer Name = USERONE-0018106 | Source = Print | ID = 23
    Description = Printer Microsoft Office Document Image Writer failed to initialize
    because a suitable Microsoft Office Document Image Writer Driver driver could not
    be found.

    Error - 30/01/2011 09:12:02 | Computer Name = USERONE-0018106 | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (adildr.sys) service failed to start
    due to the following error: %%1058

    Error - 31/01/2011 03:30:49 | Computer Name = USERONE-0018106 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 021617E25601 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 31/01/2011 03:31:07 | Computer Name = USERONE-0018106 | Source = Print | ID = 23
    Description = Printer Microsoft Office Document Image Writer failed to initialize
    because a suitable Microsoft Office Document Image Writer Driver driver could not
    be found.

    Error - 31/01/2011 03:31:21 | Computer Name = USERONE-0018106 | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (adildr.sys) service failed to start
    due to the following error: %%1058

    Error - 31/01/2011 03:33:28 | Computer Name = USERONE-0018106 | Source = DCOM | ID = 10010
    Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
    with DCOM within the required timeout.

    Error - 31/01/2011 04:15:26 | Computer Name = USERONE-0018106 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 021617E25601 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 31/01/2011 04:25:56 | Computer Name = USERONE-0018106 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 021617E25601 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 31/01/2011 04:35:01 | Computer Name = USERONE-0018106 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 021617E25601 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
     
  14. 15Peter20

    15Peter20 Thread Starter

    Joined:
    Oct 25, 2007
    Messages:
    86
    gmer.txt
     


  15. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Hi 15Peter20

    P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infection. If your computer is infected, it almost certainly contributed to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    Please see this topic for more information:

    Perils of P2P File Sharing.

    I would strongly recommend that you uninstall it now. You can do so via Control Panel, Add/remove Programs.

    Should you decide to keep it, please don't use it until we have finished up here.


    Uninstall one of the following programs:

    Avira antivirus
    Avast antivirus

    You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

    Please remove one. What you choose to do after your computer problem is resolved is up to you but please follow these instructions until that time.


    To remove one of them:
    • click on Start, Settings, Control Panel
    • double-click Add or Remove Programs (it may take time for the list to appear, so be patient)
    • scroll down the list and look for either of the above entries:
    • click on the program name and then on Remove.

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2


    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :dir
      C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}/s
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


    As well as SystemLook.txt, please copy and paste the result of the Gmer scan instead of trying to attach it.

    I see that you ran TDSSKiller. I'd like a look at that log to see what turned up. A copy of the log will have been saved to the root of the drive, C:\ called TDSSKiller_*** (*** denotes version & date).

    Can you also let me know how things are since resetting your router etc.?

    Logs to include in next post:

    SystemLook.txt
    Gmer.txt
    TDSSKiller log

    Satchfan
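
The two findings in the reply above (two antivirus products installed, P2P software present and allowed through the firewall) can be read out of an OTL Extras log mechanically. The Python below is an added example, not part of the thread or of OTL; the sample log is a constructed excerpt in the layout posted earlier, and the keyword lists and function names are assumptions.

```python
import re

# Constructed excerpt in the OTL Extras layout posted earlier in this thread.
SAMPLE_LOG = r'''
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"avast5" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Soulseek2" = SoulSeek 157 NS 13e
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR archiver
'''

SECTION_RE = re.compile(r'^=+ (.+?) =+$')   # ========== Title ==========
ENTRY_RE = re.compile(r'^"(.+?)" = (.*)$')  # "name" = value

def parse_sections(text):
    """Map each section title to its list of (name, value) entries."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return sections

# Assumed keyword lists for illustration; extend them for real triage.
AV_KEYWORDS = ("antivirus",)
P2P_KEYWORDS = ("utorrent", "soulseek")

def triage(text):
    """Flag multiple installed antivirus products and P2P firewall exceptions."""
    sections = parse_sections(text)
    installed = sections.get("HKEY_LOCAL_MACHINE Uninstall List", [])
    av = [v for _, v in installed if any(k in v.lower() for k in AV_KEYWORDS)]
    p2p = [k for k, v in installed
           if any(w in (k + v).lower() for w in P2P_KEYWORDS)]
    exceptions = []
    for path, value in sections.get("Authorized Applications List", []):
        # Value is path:scope:state:name; the path holds a drive colon,
        # so split from the right (assumes the display name has no colon).
        parts = value.rsplit(":", 3)
        if len(parts) == 4 and parts[2] == "Enabled" \
                and any(w in path.lower() for w in P2P_KEYWORDS):
            exceptions.append((path, parts[1]))
    return {"antivirus": av, "av_conflict": len(av) > 1,
            "p2p_installed": p2p, "p2p_firewall_exceptions": exceptions}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The uninstall list only shows what is installed, so `av_conflict` is a prompt to check which products have real-time protection active, not proof that both do.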
     

Short URL to this thread: https://techguy.org/976721
