:OTL
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [Disabled] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McShield)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [On_Demand] -- -- (McODS)
SRV - File not found [Auto] -- -- (McNASvc)
SRV - File not found [On_Demand] -- -- (McComponentHostService)
SRV - [2011/11/02 11:38:57 | 000,257,024 | ---- | M] () [Auto] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011/10/30 03:47:11 | 001,942,528 | ---- | M] () [Auto] -- C:\Windows\update.2\svchost.exe -- (srviecheck)
SRV - [2011/10/29 16:25:31 | 000,344,576 | ---- | M] () [Auto] -- C:\Windows\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011/10/29 15:33:20 | 001,109,504 | -H-- | M] (Cronosoft) [Auto] -- C:\Windows\update.1\svchost.exe -- (wxpdrivers)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
IE - HKU\Kami_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="
[2011/08/22 15:44:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Kami\AppData\Roaming\Mozilla\Firefox\Profiles\ad8x3s6y.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/04/12 07:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Kami\AppData\Roaming\Mozilla\Firefox\Profiles\ad8x3s6y.default\searchplugins\BearShareWebSearch.xml
[2010/04/12 07:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKU\Kami_ON_C..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\Kami_ON_C..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O4 - HKLM..\Run: [501650.exe] C:\Windows\Temp\501650.exe ()
O4 - HKLM..\Run: [5865004.exe] C:\Windows\Temp\5865004.exe ()
O4 - HKLM..\Run: [6008318.exe] C:\Windows\Temp\6008318.exe ()
O4 - HKLM..\Run: [bearShare] File not found
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [mcagent_exe] File not found
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-15-0\svchost.exe (Cronosoft)
O4 - HKLM..\Run: [tray_ico1] C:\Windows\update.tray-9-0\svchost.exe (Cronosoft)
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~2\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
[2011/10/29 16:35:03 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/10/29 16:35:03 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011/10/29 16:35:03 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/10/29 16:31:20 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0-lnk
[2011/10/29 16:31:20 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0
[2011/10/29 16:25:32 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/10/29 16:25:32 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/10/29 16:07:57 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/10/29 15:48:20 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/10/29 15:47:47 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-9-0-lnk
[2011/10/29 15:47:47 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-9-0
[2011/11/03 03:36:03 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts
[2011/11/02 11:38:58 | 000,000,112 | ---- | M] () -- C:\Windows\info1
[2011/11/02 11:38:57 | 000,257,024 | ---- | M] () -- C:\Windows\sysdriver32_.exe
[2011/11/02 11:38:57 | 000,257,024 | ---- | M] () -- C:\Windows\sysdriver32.exe
[2011/10/29 16:35:02 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/10/29 16:35:02 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/10/29 16:35:02 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/10/29 16:35:00 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/10/29 16:08:46 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/10/29 15:51:11 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

:Commands
[emptytemp]
[resethosts]