Google being hijacked


  • This topic is locked
30 replies to this topic

#1 barrel05
  • Member
  • 86 posts

Posted 18 November 2010 - 01:54 AM

Whenever I click on a Google searched link it redirects me to anti-virus sites.

#2 barrel05
  • Member
  • 86 posts

Posted 18 November 2010 - 05:53 AM

I believe I have a rootkit virus; any help would be appreciated.

#3 guestolo
  • Site Donator, Admin
  • 16,247 posts

Posted 18 November 2010 - 09:24 AM

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#4 barrel05
  • Member
  • 86 posts

Posted 18 November 2010 - 06:05 PM

OTL
OTL logfile created on: 19/11/2010 10:41:00 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

766.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.11 Gb Free Space | 43.51% Space Free | Partition Type: NTFS
Drive D: | 6.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 372.61 Gb Total Space | 19.78 Gb Free Space | 5.31% Space Free | Partition Type: NTFS
Drive F: | 1396.92 Gb Total Space | 1358.05 Gb Free Space | 97.22% Space Free | Partition Type: FAT32

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/19 10:38:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/09/29 18:46:08 | 000,196,944 | ---- | M] (Totem Entertainment) -- C:\Program Files\vghd\VirtuaGirl_Downloader.exe
PRC - [2010/09/29 18:46:07 | 000,600,904 | ---- | M] (Totem Entertainment) -- C:\Program Files\vghd\vghd.exe
PRC - [2010/09/08 01:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/19 19:25:41 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/01 12:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/16 04:31:54 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2007/05/16 08:55:46 | 001,628,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/05/16 08:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/05/16 08:55:26 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/01/20 04:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2005/04/28 07:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/10/31 19:42:40 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2002/03/20 10:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/19 10:38:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/05/16 08:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/01/20 04:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/04/28 07:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\1E.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/19 19:29:36 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008/02/28 05:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/16 14:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007/05/16 08:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/16 08:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/16 08:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/05/13 09:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003/12/05 21:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 14:58:30 | 000,013,056 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 0E 3E 43 0D 87 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "midica Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "midica Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.15
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: artur.dubovoyEmail Removed:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.5
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://ws.infospace...._id=60531&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 12:50:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/16 09:58:54 | 000,000,000 | ---D | M]

[2011/03/05 15:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/19 00:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions
[2011/03/08 13:15:25 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/03/08 13:05:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/30 13:58:56 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/07 15:37:20 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2010/05/31 17:25:53 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2011/03/08 14:30:00 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/03/08 13:15:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/08 13:15:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/08 13:15:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/08 13:15:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/20 13:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\artur.dubovoyEmail Removed
[2010/04/07 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\[email protected]
[2010/05/20 13:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\extensions\[email protected]
[2011/03/08 15:10:14 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\searchplugins\bing.xml
[2010/10/23 11:26:06 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\searchplugins\conduit.xml
[2010/05/31 17:27:03 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vkswq5d8.default\searchplugins\search-the-web.xml
[2010/11/06 13:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 12:30:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 16:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 11:31:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/02/21 21:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/18 20:28:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe (Totem Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/09 17:41:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - F:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 15:22:15 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/08 15:22:15 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/08 15:22:14 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/08 15:22:12 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/08 15:22:11 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/08 15:22:11 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/08 15:22:10 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/08 15:21:52 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/08 15:09:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/03/08 14:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Tracing
[2011/03/08 14:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/03/08 14:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/03/08 14:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/03/08 14:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/03/08 14:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/03/08 14:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/03/08 14:30:12 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/03/08 14:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitComet
[2011/03/08 14:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2011/03/08 14:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/03/08 13:42:12 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2011/03/08 13:42:12 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/03/08 13:42:12 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/03/08 13:42:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/03/08 13:42:06 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2011/03/08 13:42:06 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2011/03/08 13:42:06 | 000,036,864 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2011/03/08 13:42:06 | 000,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2011/03/08 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/03/08 13:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/03/08 13:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/08 13:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BloodBowl
[2011/03/08 13:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2011/03/08 13:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/03/05 15:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead
[2011/03/05 15:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/03/05 15:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/03/05 15:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011/03/05 15:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2011/03/05 15:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2011/03/05 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/05 15:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/05 15:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2011/03/05 15:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2011/03/05 15:14:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2011/03/05 15:11:05 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2011/03/05 15:11:05 | 000,692,224 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2011/03/05 15:11:05 | 000,262,144 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2011/03/05 15:11:05 | 000,217,088 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\aIPH.dll
[2011/03/05 15:11:05 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\AQCKGen.dll
[2011/03/05 15:11:05 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANICtl.dll
[2011/03/05 15:10:52 | 000,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO64.sys
[2011/03/05 15:10:52 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2011/03/05 15:10:52 | 000,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.sys
[2011/03/05 15:10:52 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2011/03/05 15:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2011/03/05 15:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/03/05 15:09:59 | 000,459,520 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\Dr71WU.sys
[2011/03/05 15:09:58 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/03/05 15:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2011/03/05 15:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2011/03/05 14:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/05 14:31:05 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/03/05 14:30:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/03/05 14:29:52 | 002,273,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2011/03/05 14:29:52 | 000,880,640 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2011/03/05 14:29:52 | 000,739,387 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2011/03/05 14:29:52 | 000,471,040 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2011/03/05 14:29:52 | 000,462,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2011/03/05 14:29:52 | 000,339,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2011/03/05 14:29:52 | 000,225,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2011/03/05 14:29:52 | 000,221,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2011/03/05 14:29:52 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2011/03/05 14:29:52 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2011/03/05 14:29:52 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2011/03/05 14:29:52 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2011/03/05 14:29:52 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2011/03/05 14:29:52 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2011/03/05 14:29:52 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2011/03/05 14:29:52 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2011/03/05 14:29:52 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2011/03/05 14:29:52 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2011/03/05 14:29:52 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2011/03/05 14:29:52 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2011/03/05 14:29:52 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2011/03/05 14:29:52 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2011/03/05 14:29:52 | 000,126,651 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2011/03/05 14:29:52 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2011/03/05 14:29:52 | 000,103,484 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2011/03/05 14:29:52 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2011/03/05 14:29:52 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/03/05 14:29:52 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2011/03/05 14:29:52 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2011/03/05 14:29:52 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v3762.dll
[2011/03/05 14:29:52 | 000,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2011/03/05 14:29:52 | 000,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2011/03/05 14:29:52 | 000,036,415 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2011/03/05 14:29:52 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2011/03/05 14:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2011/03/05 14:29:43 | 000,000,000 | ---D | C] -- C:\dell
[2011/03/05 14:29:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2011/03/05 14:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/12/09 18:02:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2010/12/09 17:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/12/09 17:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/12/09 17:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/12/09 17:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/12/09 17:58:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/12/09 17:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2010/12/09 17:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/12/09 17:52:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/12/09 17:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/12/09 17:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/12/09 17:52:10 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/12/09 17:47:59 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/12/09 17:47:57 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/12/09 17:47:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/12/09 17:47:14 | 000,589,3