TechSpot

[A] Help! Infected with RootKit.ZeroAccess Virus

Inactive
By sjy
Mar 1, 2012
Topic Status:
Not open for further replies.
  1. sjy

    sjy Newcomer, in training Topic Starter Posts: 58

    ComboFix 12-03-08.01 - Owner 03/08/2012 16:35:02.6.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2887 [GMT -5:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-08 08:28 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-03-08 08:27 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-03-08 08:27 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-03-08 08:27 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-03-08 08:25 . 2012-03-08 08:27 -------- dc-h--w- c:\windows\ie8
    2012-03-07 22:33 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2012-03-07 22:33 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2012-03-07 22:32 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2012-03-07 22:27 . 2011-10-25 13:37 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2012-03-07 22:27 . 2011-10-25 13:33 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2012-03-07 22:27 . 2011-10-25 12:52 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2012-03-07 22:27 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2012-03-07 22:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-03-07 22:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-07 22:10 . 2008-04-14 08:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
    2012-03-07 22:03 . 2008-04-14 08:00 281088 -c--a-w- c:\windows\system32\dllcache\pinball.exe
    2012-03-07 22:03 . 2008-04-14 08:00 281088 ----a-w- c:\program files\Windows NT\pinball\PINBALL.EXE
    2012-03-07 22:03 . 2008-04-14 08:00 131584 -c--a-w- c:\windows\system32\dllcache\sndrec32.exe
    2012-03-07 22:03 . 2008-04-14 08:00 131584 ----a-w- c:\windows\system32\sndrec32.exe
    2012-03-07 22:03 . 2009-12-16 18:43 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
    2012-03-07 22:03 . 2009-12-16 18:43 343040 ----a-w- c:\windows\system32\mspaint.exe
    2012-03-07 22:03 . 2008-04-14 08:00 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
    2012-03-07 22:03 . 2008-04-14 08:00 539136 ----a-w- c:\program files\Windows NT\dialer.exe
    2012-03-07 22:03 . 2008-04-14 08:00 538624 -c--a-w- c:\windows\system32\dllcache\spider.exe
    2012-03-07 22:03 . 2008-04-14 08:00 538624 ----a-w- c:\windows\system32\spider.exe
    2012-03-07 22:03 . 2008-04-14 08:00 347136 ----a-w- c:\windows\system32\hypertrm.dll
    2012-03-07 21:35 . 2008-04-14 08:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2012-03-07 21:35 . 2008-04-14 08:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2012-03-07 21:35 . 2008-04-14 08:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2012-03-07 21:35 . 2008-04-14 08:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2012-03-07 21:35 . 2008-04-14 08:00 16535 ----a-r- c:\windows\SET169.tmp
    2012-03-07 21:35 . 2008-04-14 08:00 1088840 ----a-r- c:\windows\SET163.tmp
    2012-03-07 21:35 . 2008-04-14 08:00 1296669 ----a-r- c:\windows\SET160.tmp
    2012-03-07 13:04 . 2009-11-27 17:23 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2012-03-06 00:27 . 2012-03-06 00:27 -------- d-----w- C:\_OTL
    2012-03-04 21:32 . 2012-03-04 21:32 -------- d-----w- c:\windows\system32\LogFiles
    2012-03-03 19:55 . 2012-03-03 19:55 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-02 16:25 . 2012-03-02 16:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-03-02 16:25 . 2012-03-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-02 16:25 . 2012-03-02 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-02 16:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\program files\Download Manager
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DownloadManager
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\program files\Surf Canyon
    2012-02-29 17:42 . 2012-02-29 17:52 -------- d-----w- c:\program files\RebateRobot
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- C:\skin
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- C:\defaults
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- C:\content
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\I Want This
    2012-02-29 17:41 . 2012-03-07 22:37 -------- d-----w- c:\program files\I Want This
    2012-02-27 21:04 . 2012-01-11 19:56 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-27 21:04 . 2012-01-11 19:56 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-27 21:04 . 2012-01-11 19:56 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-27 21:00 . 2011-09-28 18:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-02-27 21:00 . 2012-01-11 21:19 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-02-27 21:00 . 2012-01-11 21:17 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-02-27 20:58 . 2012-02-27 20:58 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
    2012-02-10 19:59 . 2012-02-10 19:59 45056 ----a-w- c:\windows\scluins1.exe
    2012-02-10 19:59 . 2012-02-10 19:59 36864 ----a-w- c:\windows\smon03.exe
    2012-02-10 19:58 . 2012-02-10 21:22 -------- d-----w- c:\program files\Sophocles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-27 20:31 . 2012-02-27 20:31 1182680 ----a-w- c:\windows\system32\drivers\TfKbMon.sys.old
    2012-01-16 21:28 . 2011-06-24 19:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2012-01-16 21:28 . 2011-06-24 19:16 2246608 ----a-w- c:\windows\PCTBDCore.dll
    2012-01-16 21:28 . 2011-06-24 19:16 1681360 ----a-w- c:\windows\PCTBDRes.dll
    2012-01-16 21:28 . 2011-06-24 19:16 767952 ----a-w- c:\windows\BDTSupport.dll
    2012-01-12 16:53 . 2008-04-14 08:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 21:19 . 2011-06-24 18:33 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-01-11 21:14 . 2011-06-24 18:33 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-12-17 19:46 . 2008-07-12 19:10 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2008-04-23 00:16 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2008-07-12 19:09 385024 ------w- c:\windows\system32\html.iec
    1997-07-22 00:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll
    1997-06-23 08:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
    1997-06-23 17:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
    1997-06-23 17:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
    1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-03-08_13.05.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-08 21:33 . 2012-03-08 21:33 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
    + 2012-03-08 21:33 . 2012-03-08 21:33 16384 c:\windows\Temp\Perflib_Perfdata_238.dat
    + 2008-04-14 11:00 . 2012-03-08 21:38 72452 c:\windows\system32\perfc009.dat
    - 2008-04-14 11:00 . 2012-03-08 12:53 72452 c:\windows\system32\perfc009.dat
    - 2008-04-14 08:00 . 2008-04-14 08:00 62976 c:\windows\system32\drivers\cdrom.sys
    + 2008-04-14 08:00 . 2008-04-14 05:10 62976 c:\windows\system32\drivers\cdrom.sys
    + 2008-04-14 08:00 . 2008-04-14 05:10 62976 c:\windows\system32\dllcache\cdrom.sys
    - 2008-04-14 11:00 . 2012-03-08 12:53 444702 c:\windows\system32\perfh009.dat
    + 2008-04-14 11:00 . 2012-03-08 21:38 444702 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66616350-A70C-4FF5-912E-A92B8076F6F7}]
    c:\program files\RebateRobot\RebateRobot.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
    2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    "DownloadManager"="c:\program files\Download Manager\DownloadManager.exe" [2012-02-29 654336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "nwiz"="nwiz.exe" [BU]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 18 (0x12)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/24/2011 1:33 PM 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/24/2011 1:33 PM 342168]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/24/2011 1:33 PM 909728]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/27/2012 4:04 PM 54328]
    R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/27/2012 4:04 PM 574424]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/24/2011 1:33 PM 253352]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2/27/2012 4:00 PM 185560]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/24/2011 2:16 PM 546768]
    R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/2/2012 11:25 AM 652360]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 4:13 PM 226624]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/2/2012 11:25 AM 20464]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 2:59 PM 38248]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/9/2010 5:59 PM 47360]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2/27/2012 4:00 PM 56840]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [10/19/2009 2:29 AM 9472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2011 3:42 PM 136176]
    S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/2/2011 9:24 AM 6016]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2011 3:42 PM 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/2/2011 9:24 AM 20352]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/2/2011 9:24 AM 8320]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/2/2011 9:24 AM 23424]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/2/2011 9:24 AM 9472]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/24/2011 1:33 PM 70536]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/24/2011 1:32 PM 402336]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/27/2012 4:04 PM 35264]
    S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
    S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - uphcleanhlp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 16:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 20:42]
    .
    2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 20:42]
    .
    2012-03-08 c:\windows\Tasks\MotoHelper Initial Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-02-29 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-03-08 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-02-29 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-03-07 c:\windows\Tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job
    - c:\windows\system32\msfeedssync.exe [2008-07-12 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wykhr570.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search Defender
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2086743&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111124&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: FreeSoundRecorder Community Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - %profile%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
    FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-08 16:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(832)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'lsass.exe'(896)
    c:\windows\system32\nvLsp.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-03-08 16:56:49
    ComboFix-quarantined-files.txt 2012-03-08 21:56
    ComboFix2.txt 2012-03-08 13:11
    ComboFix3.txt 2012-01-01 16:23
    ComboFix4.txt 2011-12-26 18:00
    .
    Pre-Run: 137,629,929,472 bytes free
    Post-Run: 137,634,775,040 bytes free
    .
    - - End Of File - - B94A256742B1EAB7D9C404C2AA141899
  2. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Good job :)

    How is computer doing?

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\SET169.tmp
    c:\windows\SET163.tmp
    c:\windows\SET160.tmp
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  3. sjy

    sjy Newcomer, in training Topic Starter Posts: 58

    It's running better than it has in a long time. I'm using the trial version of MBAM and I've diabled PC Tools Spyware Doctor, which ALWAYS seems to be running in the background and slowing down the overall performance. What do you recommend for virus protection?

    ComboFix found Rootkit again and rebooted. Here's the log:

    ComboFix 12-03-08.01 - Owner 03/09/2012 13:20:47.7.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2887 [GMT -5:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\SET160.tmp"
    "c:\windows\SET163.tmp"
    "c:\windows\SET169.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SET160.tmp
    c:\windows\SET163.tmp
    c:\windows\SET169.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-08 19:12 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
    2012-03-08 08:28 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-03-08 08:27 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-03-08 08:27 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-03-08 08:27 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-03-08 08:25 . 2012-03-08 08:27 -------- dc-h--w- c:\windows\ie8
    2012-03-07 22:33 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2012-03-07 22:33 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2012-03-07 22:32 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2012-03-07 22:27 . 2011-10-25 13:37 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2012-03-07 22:27 . 2011-10-25 13:33 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2012-03-07 22:27 . 2011-10-25 12:52 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2012-03-07 22:27 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2012-03-07 22:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-03-07 22:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-07 22:10 . 2008-04-14 08:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
    2012-03-07 22:03 . 2008-04-14 08:00 281088 -c--a-w- c:\windows\system32\dllcache\pinball.exe
    2012-03-07 22:03 . 2008-04-14 08:00 281088 ----a-w- c:\program files\Windows NT\pinball\PINBALL.EXE
    2012-03-07 22:03 . 2008-04-14 08:00 131584 -c--a-w- c:\windows\system32\dllcache\sndrec32.exe
    2012-03-07 22:03 . 2008-04-14 08:00 131584 ----a-w- c:\windows\system32\sndrec32.exe
    2012-03-07 22:03 . 2009-12-16 18:43 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
    2012-03-07 22:03 . 2009-12-16 18:43 343040 ----a-w- c:\windows\system32\mspaint.exe
    2012-03-07 22:03 . 2008-04-14 08:00 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
    2012-03-07 22:03 . 2008-04-14 08:00 539136 ----a-w- c:\program files\Windows NT\dialer.exe
    2012-03-07 22:03 . 2008-04-14 08:00 538624 -c--a-w- c:\windows\system32\dllcache\spider.exe
    2012-03-07 22:03 . 2008-04-14 08:00 538624 ----a-w- c:\windows\system32\spider.exe
    2012-03-07 22:03 . 2008-04-14 08:00 347136 ----a-w- c:\windows\system32\hypertrm.dll
    2012-03-07 21:35 . 2008-04-14 08:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2012-03-07 21:35 . 2008-04-14 08:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2012-03-07 21:35 . 2008-04-14 08:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2012-03-07 21:35 . 2008-04-14 08:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2012-03-07 13:04 . 2009-11-27 17:23 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2012-03-06 00:27 . 2012-03-06 00:27 -------- d-----w- C:\_OTL
    2012-03-04 21:32 . 2012-03-04 21:32 -------- d-----w- c:\windows\system32\LogFiles
    2012-03-03 19:55 . 2012-03-03 19:55 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-02 16:25 . 2012-03-02 16:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-03-02 16:25 . 2012-03-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-02 16:25 . 2012-03-02 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-02 16:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\program files\Download Manager
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DownloadManager
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\program files\Surf Canyon
    2012-02-29 17:42 . 2012-02-29 17:52 -------- d-----w- c:\program files\RebateRobot
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- C:\skin
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- C:\defaults
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- C:\content
    2012-02-29 17:42 . 2012-02-29 17:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\I Want This
    2012-02-29 17:41 . 2012-03-07 22:37 -------- d-----w- c:\program files\I Want This
    2012-02-27 21:04 . 2012-01-11 19:56 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-27 21:04 . 2012-01-11 19:56 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-27 21:04 . 2012-01-11 19:56 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-27 21:00 . 2011-09-28 18:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-02-27 21:00 . 2012-01-11 21:19 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-02-27 21:00 . 2012-01-11 21:17 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-02-27 20:58 . 2012-02-27 20:58 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
    2012-02-10 19:59 . 2012-02-10 19:59 45056 ----a-w- c:\windows\scluins1.exe
    2012-02-10 19:59 . 2012-02-10 19:59 36864 ----a-w- c:\windows\smon03.exe
    2012-02-10 19:58 . 2012-02-10 21:22 -------- d-----w- c:\program files\Sophocles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-27 20:31 . 2012-02-27 20:31 1182680 ----a-w- c:\windows\system32\drivers\TfKbMon.sys.old
    2012-01-16 21:28 . 2011-06-24 19:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2012-01-16 21:28 . 2011-06-24 19:16 2246608 ----a-w- c:\windows\PCTBDCore.dll
    2012-01-16 21:28 . 2011-06-24 19:16 1681360 ----a-w- c:\windows\PCTBDRes.dll
    2012-01-16 21:28 . 2011-06-24 19:16 767952 ----a-w- c:\windows\BDTSupport.dll
    2012-01-12 16:53 . 2008-04-14 08:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 21:19 . 2011-06-24 18:33 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-01-11 21:14 . 2011-06-24 18:33 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-12-17 19:46 . 2008-07-12 19:10 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2008-04-23 00:16 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2008-07-12 19:09 385024 ------w- c:\windows\system32\html.iec
    1997-07-22 00:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll
    1997-06-23 08:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
    1997-06-23 17:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
    1997-06-23 17:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
    1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-03-08_13.05.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-09 18:17 . 2012-03-09 18:17 16384 c:\windows\Temp\Perflib_Perfdata_6a0.dat
    + 2012-03-09 18:16 . 2012-03-09 18:16 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
    - 2008-04-14 08:00 . 2008-04-14 08:00 75776 c:\windows\system32\strmfilt.dll
    + 2008-04-14 08:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
    + 2008-04-14 08:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
    + 2008-04-14 11:00 . 2012-03-09 18:21 72452 c:\windows\system32\perfc009.dat
    - 2008-04-14 11:00 . 2012-03-08 12:53 72452 c:\windows\system32\perfc009.dat
    + 2008-04-14 08:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
    - 2008-04-14 08:00 . 2008-04-14 08:00 62976 c:\windows\system32\drivers\cdrom.sys
    + 2008-04-14 08:00 . 2008-04-14 05:10 62976 c:\windows\system32\drivers\cdrom.sys
    + 2008-04-14 08:00 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
    - 2008-04-14 08:00 . 2008-04-14 08:00 75776 c:\windows\system32\dllcache\strmfilt.dll
    + 2008-04-14 08:00 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
    + 2008-04-14 08:00 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
    + 2008-04-14 08:00 . 2008-04-14 05:10 62976 c:\windows\system32\dllcache\cdrom.sys
    + 2009-12-13 06:38 . 2012-03-08 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-12-13 06:38 . 2012-03-08 12:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-03-08 22:04 . 2012-03-08 22:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2012-01-01 16:40 . 2012-03-08 12:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-03-09 08:01 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
    + 2012-03-09 08:01 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
    + 2012-03-08 19:12 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
    + 2012-03-08 19:12 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
    + 2008-07-12 19:09 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
    + 2008-04-14 11:00 . 2012-03-09 18:21 444702 c:\windows\system32\perfh009.dat
    - 2008-04-14 11:00 . 2012-03-08 12:53 444702 c:\windows\system32\perfh009.dat
    - 2008-07-12 19:09 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
    + 2008-07-12 19:09 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
    + 2008-04-14 08:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
    + 2009-12-13 06:37 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
    + 2008-07-12 19:09 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
    + 2008-07-12 19:24 . 2007-06-27 03:10 317440 c:\windows\system32\dllcache\unregmp2.exe
    - 2008-07-12 19:09 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
    + 2008-07-12 19:09 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
    + 2008-12-13 14:58 . 2008-12-13 14:58 754688 c:\windows\Installer\23f1129.msp
    + 2008-07-12 19:24 . 2007-06-27 03:10 317440 c:\windows\inf\unregmp2.exe
    + 2012-03-09 08:00 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
    + 2012-03-09 08:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
    + 2012-03-09 08:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
    + 2012-03-09 08:00 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
    + 2012-03-09 08:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
    + 2012-03-09 08:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
    + 2012-03-09 08:00 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
    + 2012-03-08 19:12 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
    + 2012-03-09 08:01 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
    + 2012-03-09 08:01 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe
    + 2012-03-09 08:01 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe
    + 2012-03-08 19:12 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66616350-A70C-4FF5-912E-A92B8076F6F7}]
    c:\program files\RebateRobot\RebateRobot.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
    2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    "DownloadManager"="c:\program files\Download Manager\DownloadManager.exe" [2012-02-29 654336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "nwiz"="nwiz.exe" [BU]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 18 (0x12)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/24/2011 1:33 PM 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/24/2011 1:33 PM 342168]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/24/2011 1:33 PM 909728]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/27/2012 4:04 PM 54328]
    R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/27/2012 4:04 PM 574424]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/24/2011 1:33 PM 253352]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2/27/2012 4:00 PM 185560]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/24/2011 2:16 PM 546768]
    R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/2/2012 11:25 AM 652360]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 4:13 PM 226624]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/2/2012 11:25 AM 20464]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 2:59 PM 38248]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/9/2010 5:59 PM 47360]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2/27/2012 4:00 PM 56840]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [10/19/2009 2:29 AM 9472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2011 3:42 PM 136176]
    S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/2/2011 9:24 AM 6016]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2011 3:42 PM 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/2/2011 9:24 AM 20352]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/2/2011 9:24 AM 8320]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/2/2011 9:24 AM 23424]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/2/2011 9:24 AM 9472]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/24/2011 1:33 PM 70536]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/24/2011 1:32 PM 402336]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/27/2012 4:04 PM 35264]
    S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
    S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - uphcleanhlp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 16:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 20:42]
    .
    2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 20:42]
    .
    2012-03-09 c:\windows\Tasks\MotoHelper Initial Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-02-29 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-03-09 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-02-29 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
    .
    2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job
    - c:\windows\system32\msfeedssync.exe [2008-07-12 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wykhr570.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search Defender
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2086743&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111124&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: FreeSoundRecorder Community Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - %profile%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
    FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-09 13:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(836)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'lsass.exe'(892)
    c:\windows\system32\nvLsp.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-03-09 13:42:12
    ComboFix-quarantined-files.txt 2012-03-09 18:42
    ComboFix2.txt 2012-03-08 21:56
    ComboFix3.txt 2012-03-08 13:11
    ComboFix4.txt 2012-01-01 16:23
    ComboFix5.txt 2012-03-09 18:05
    .
    Pre-Run: 137,451,524,096 bytes free
    Post-Run: 137,455,095,808 bytes free
    .
    - - End Of File - - 37A87B0EAC777130E76C1DBA07BF5F9E
  4. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Good news :)

    If PC Tools Spyware Doctor bothers you uninstall it.

    Then....
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Uninstall MBAM trial version and install free version: http://majorgeeks.com/download.php?det=5756

    Next....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  5. sjy

    sjy Newcomer, in training Topic Starter Posts: 58

    disregard - posted wrong file
  6. sjy

    sjy Newcomer, in training Topic Starter Posts: 58

    disregard - posted wrong log
  7. sjy

    sjy Newcomer, in training Topic Starter Posts: 58

    OTL.TXT file:

    OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.28% Memory free
    5.09 Gb Paging File | 4.64 Gb Available in Paging File | 91.10% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 292.97 Gb Total Space | 127.92 Gb Free Space | 43.66% Space Free | Partition Type: NTFS
    Drive D: | 303.19 Gb Total Space | 188.72 Gb Free Space | 62.25% Space Free | Partition Type: NTFS
    Drive E: | 647.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive J: | 39.06 Gb Total Space | 8.86 Gb Free Space | 22.68% Space Free | Partition Type: NTFS
    Drive K: | 109.99 Gb Total Space | 4.68 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

    Computer Name: STEVE | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/10 09:02:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/02/29 12:42:32 | 000,654,336 | ---- | M] (DownloadManager) -- C:\Program Files\Download Manager\DownloadManager.exe
    PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/01/27 16:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    PRC - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    PRC - [2009/11/06 14:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
    PRC - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/12/18 13:05:40 | 000,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    PRC - [2008/12/18 13:05:40 | 000,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
    PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/10 06:23:55 | 001,748,992 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12031001\algo.dll
    MOD - [2012/03/08 03:37:02 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
    MOD - [2012/03/08 03:36:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
    MOD - [2012/03/08 03:35:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
    MOD - [2012/03/08 03:33:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
    MOD - [2012/03/08 03:33:04 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
    MOD - [2012/03/08 03:32:52 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
    MOD - [2012/03/08 03:32:39 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
    MOD - [2012/03/08 03:31:52 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
    MOD - [2012/03/08 03:31:46 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2012/03/08 03:30:55 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/03/08 03:30:48 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2012/02/29 12:42:33 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
    MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    MOD - [2011/01/27 16:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2010/01/22 10:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/01/22 10:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/01/22 10:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2009/12/13 13:34:22 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/12/18 13:05:40 | 000,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    MOD - [2008/12/18 13:05:40 | 000,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    MOD - [2008/12/18 13:04:44 | 000,109,088 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
    MOD - [2008/05/01 23:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
    MOD - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2009/12/13 12:36:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB20)
    SRV - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
    SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/12/18 13:05:40 | 000,191,008 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
    SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (TFSysMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TfNetMon)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (TfFsMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
    DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/12/03 13:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2010/09/29 16:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2010/04/01 12:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
    DRV - [2010/01/25 17:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
    DRV - [2009/10/19 02:29:36 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
    DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
    DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/01/29 15:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2009/01/29 15:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
    DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008/08/25 03:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/08/01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2007/11/02 13:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2007/03/12 20:48:56 | 000,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2007/03/06 21:39:20 | 000,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2003/10/15 17:07:38 | 000,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys -- (MTDVC2)
    DRV - [2003/10/11 08:39:52 | 000,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys -- (MTDVC2_ENUM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {08695E7C-3FF8-408F-89E5-CDCE161D6692}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{08695E7C-3FF8-408F-89E5-CDCE161D6692}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7


    IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\SearchScopes,DefaultScope = {08695E7C-3FF8-408F-89E5-CDCE161D6692}
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\SearchScopes\{08695E7C-3FF8-408F-89E5-CDCE161D6692}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FDUM_enUS474
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111124&iesrc={referrer:source}
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=8CCAF7A001CCF7090996C2A3&install_time=2012-02-29T17:42:51Z&src_id=30504&camp_id=3906&tb_version=1.1.3001.0(B)
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


    [2012/03/10 09:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/06 16:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/01 20:12:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/25 09:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/01/30 12:17:14 | 000,000,000 | ---D | M] (PHPNukeEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2012/03/09 13:35:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.2\PriceGongIE.dll (PriceGong)
    O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
    O2 - BHO: (RebateRobot BHO) - {66616350-A70C-4FF5-912E-A92B8076F6F7} - C:\Program Files\RebateRobot\RebateRobot.dll File not found
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003..\Run: [DownloadManager] C:\Program Files\Download Manager\DownloadManager.exe (DownloadManager)
    O4 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D9B49F-9F74-4830-BDE9-39538E21FEBA}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/12/14 15:34:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2011/02/22 08:58:33 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/04/14 03:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
  8. sjy

    sjy Newcomer, in training Topic Starter Posts: 58

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
    Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
    Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/10 09:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/10 09:16:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/03/10 09:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/10 09:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    [2012/03/10 09:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
    [2012/03/10 09:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PriceGong
    [2012/03/10 09:02:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2012/03/10 08:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2012/03/10 08:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/03/10 08:57:10 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/03/10 08:57:10 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/03/10 08:57:08 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/03/10 08:57:08 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/03/10 08:57:07 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/03/10 08:57:07 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/03/10 08:57:07 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/03/10 08:57:07 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/03/10 08:56:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/03/10 08:56:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/03/10 08:56:40 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/03/10 08:56:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/03/09 13:07:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/03/08 16:25:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/03/08 16:25:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/03/08 16:25:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/03/08 03:25:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2012/03/08 03:12:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
    [2012/03/07 17:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2012/03/07 17:17:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2012/03/07 17:11:41 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2012/03/07 17:11:41 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2012/03/07 17:11:41 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2012/03/07 17:10:51 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2012/03/07 17:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2012/03/07 17:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2012/03/07 17:05:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
    [2012/03/07 17:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2012/03/07 17:03:56 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2012/03/05 19:27:30 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/03/04 16:32:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2012/03/03 14:55:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/03 14:27:21 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
    [2012/03/02 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2012/03/02 11:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/02/29 16:06:15 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Owner\Desktop\boot_cleaner.exe
    [2012/02/29 12:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
    [2012/02/29 12:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Download Manager
    [2012/02/29 12:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DownloadManager
    [2012/02/29 12:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
    [2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\skin
    [2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\RebateRobot
    [2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\defaults
    [2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\content
    [2012/02/29 12:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\I Want This
    [2012/02/29 12:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
    [2012/02/27 15:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TestApp
    [2012/02/12 12:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\0-print
    [2012/02/10 14:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sophocles
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/10 09:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/10 09:16:59 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/10 09:11:18 | 000,444,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/10 09:11:18 | 000,072,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/03/10 09:07:22 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2012/03/10 09:07:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/10 09:06:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/10 09:06:43 | 3488,858,112 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/10 09:02:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2012/03/10 08:57:11 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/03/10 08:57:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/03/10 08:49:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/03/10 04:17:37 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job
    [2012/03/09 13:35:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/03/09 13:04:09 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.exe.lnk
    [2012/03/09 10:23:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
    [2012/03/09 03:01:54 | 000,647,367 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/03/09 03:01:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/08 19:18:16 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/03/08 13:41:59 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2012/03/08 07:39:04 | 002,375,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/07 17:20:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/07 17:13:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2012/03/07 17:09:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2012/03/07 17:09:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2012/03/07 17:08:54 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2012/03/07 17:05:02 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/03/07 17:03:03 | 000,000,282 | -HS- | M] () -- C:\boot.ini
    [2012/03/07 17:02:05 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/03/04 17:43:46 | 000,980,124 | ---- | M] () -- C:\WINDOWS\setupapi.old
    [2012/03/04 17:34:10 | 000,033,819 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cdrom.zip
    [2012/03/04 16:58:15 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/04 10:06:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/03/03 19:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/03/03 09:17:04 | 003,577,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dan Fogelberg - Language Of Love.mp3
    [2012/03/02 11:57:05 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\otbgo6g6.exe
    [2012/03/02 11:56:47 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
    [2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
    [2012/02/29 16:05:59 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    [2012/02/29 10:23:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
    [2012/02/29 10:23:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
    [2012/02/27 16:03:53 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SDSETU~1.EXE.lnk
    [2012/02/27 15:58:15 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup[1].exe.lnk
    [2012/02/27 15:29:36 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup_revwire207[1].exe
    [2012/02/22 09:00:04 | 000,040,435 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-22-12.pdf
    [2012/02/17 13:08:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/17 09:50:34 | 000,040,431 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-17-12.pdf
    [2012/02/10 14:59:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\scluins1.exe
    [2012/02/10 14:59:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\smon03.exe
    [2012/02/10 14:59:02 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sophocles 2003.lnk
    [2012/02/10 14:58:34 | 001,652,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\soph.exe
    [2012/02/10 12:56:46 | 013,261,485 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\NoPoetCigarettes[2].pdf
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/10 09:16:59 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/10 08:57:11 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/03/09 13:04:09 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.exe.lnk
    [2012/03/08 16:25:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/03/08 16:25:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/03/08 16:25:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/03/08 16:25:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/03/08 16:25:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/03/08 16:20:27 | 000,031,422 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CDROM.SY_
    [2012/03/08 13:41:59 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2012/03/07 17:24:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/03/07 17:24:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [2012/03/07 17:22:09 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Outlook Express.lnk
    [2012/03/07 17:11:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2012/03/07 17:10:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2012/03/07 17:07:17 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/03/07 17:06:51 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2012/03/07 17:06:51 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2012/03/07 17:05:07 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/03/07 17:04:07 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2012/03/07 17:04:07 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2012/03/07 17:04:07 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2012/03/07 17:04:07 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2012/03/07 17:04:07 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2012/03/07 17:04:07 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2012/03/07 17:04:07 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2012/03/07 17:04:07 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2012/03/07 17:04:07 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2012/03/07 17:04:07 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2012/03/07 17:04:07 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2012/03/07 16:36:19 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/03/07 16:35:32 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
    [2012/03/07 16:35:32 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2012/03/07 16:35:32 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2012/03/07 16:35:32 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2012/03/07 16:35:32 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2012/03/07 16:35:32 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2012/03/07 16:35:32 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2012/03/07 16:35:32 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2012/03/07 16:35:32 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2012/03/07 16:35:32 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2012/03/07 16:35:32 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2012/03/07 16:35:32 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2012/03/07 16:35:32 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2012/03/07 16:35:32 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2012/03/07 16:35:32 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2012/03/07 16:35:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2012/03/07 16:35:32 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2012/03/07 16:35:31 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2012/03/07 16:35:31 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2012/03/07 16:34:33 | 3488,858,112 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/04 17:34:09 | 000,033,819 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cdrom.zip
    [2012/03/04 10:06:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/03/03 09:16:48 | 003,577,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dan Fogelberg - Language Of Love.mp3
    [2012/03/02 11:58:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
    [2012/03/02 11:57:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\otbgo6g6.exe
    [2012/03/02 11:56:45 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
    [2012/02/29 16:05:59 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    [2012/02/27 16:03:53 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SDSETU~1.EXE.lnk
    [2012/02/27 15:58:15 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup[1].exe.lnk
    [2012/02/27 15:29:36 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup_revwire207[1].exe
    [2012/02/22 09:00:04 | 000,040,435 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-22-12.pdf
    [2012/02/17 09:50:34 | 000,040,431 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-17-12.pdf
    [2012/02/10 14:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\scluins1.exe
    [2012/02/10 14:59:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\smon03.exe
    [2012/02/10 12:56:45 | 013,261,485 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\NoPoetCigarettes[2].pdf
    [2011/12/26 12:47:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/11/27 17:42:16 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
    [2011/07/06 18:59:52 | 000,000,127 | ---- | C] () -- C:\WINDOWS\smr.INI
    [2011/06/24 14:16:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0238.old
    [2010/12/14 12:18:29 | 001,160,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/21 07:34:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
    [2010/05/10 17:10:09 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

    ========== LOP Check ==========

    [2009/12/21 09:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2012/03/10 08:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/25 09:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/13 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect X2
    [2011/03/15 07:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2010/10/02 14:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/05/10 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2010/05/10 17:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2011/05/18 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/10 15:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/02/16 09:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acoustica
    [2010/06/26 09:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
    [2011/02/22 09:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
    [2011/08/31 15:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chief Architect X2
    [2010/03/17 06:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/11/29 18:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
    [2011/03/10 10:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2011/11/13 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F4aQH6dWKfLhXjC
    [2009/12/13 01:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
    [2010/01/09 13:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
    [2011/07/06 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Sound Recorder
    [2011/11/13 10:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mellOOBtxP
    [2012/03/10 09:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    [2012/03/09 12:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
    [2011/07/03 12:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Style Jukebox Settings
    [2012/02/27 15:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestApp
    [2010/02/09 17:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2012/02/29 10:23:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
    [2012/03/09 10:23:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
    [2012/02/29 10:23:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job
    [2012/03/10 04:17:37 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/06/19 19:23:23 | 001,346,854 | ---- | M] () -- C:\20.pdf
    [2011/06/19 19:22:34 | 001,338,839 | ---- | M] () -- C:\21.pdf
    [2011/02/22 08:58:33 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/12/13 01:33:11 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
    [2012/03/07 17:03:03 | 000,000,282 | -HS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/03/09 13:42:17 | 000,027,765 | ---- | M] () -- C:\ComboFix.txt
    [2009/12/13 01:38:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/08/06 20:19:45 | 000,006,523 | ---- | M] () -- C:\DriverPack_WLAN_wnt5_x86-32.txt
    [2012/03/10 09:06:43 | 3488,858,112 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/13 01:38:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/11/24 15:16:27 | 000,000,004 | ---- | M] () -- C:\mmxsys2.dat
    [2009/12/13 01:38:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 03:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/03/06 17:17:55 | 000,092,858 | ---- | M] () -- C:\OTL.Txt
    [2012/03/10 09:06:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/03 15:51:06 | 000,061,270 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_03.03.2012_14.27.48_log.txt
    [2012/03/03 17:54:16 | 000,112,750 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_03.03.2012_17.12.00_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2012/03/07 17:08:08 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/08/14 09:19:28 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/03/21 10:00:00 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
    [2009/08/14 09:19:28 | 000,589,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2012/03/07 11:33:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2012/03/04 18:07:23 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
    [2012/03/07 11:33:41 | 054,263,808 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2012/03/07 11:33:41 | 009,175,040 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2012/03/07 17:09:49 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/13 01:40:13 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/12/13 01:40:13 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/25 09:40:56 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Owner\Desktop\boot_cleaner.exe
    [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
    [2012/03/10 09:02:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/05/10 16:50:42 | 490,813,152 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Owner\Desktop\QuickBooksPro2010.exe
    [2012/01/21 19:04:45 | 010,107,096 | ---- | M] (Applian Technologies Inc.) -- C:\Documents and Settings\Owner\Desktop\RMSetup.exe
    [2012/02/27 15:29:36 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup_revwire207[1].exe
    [2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/03 19:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2008/04/14 03:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/03/10 09:07:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/10 09:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/29 10:23:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
    [2012/03/09 10:23:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
    [2012/02/29 10:23:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
    [2012/03/10 09:06:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2012/03/10 04:17:37 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/12/14 15:34:08 | 008,084,968 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.5.5.exe
    [2012/02/10 14:58:34 | 001,652,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\soph.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/12/13 01:40:13 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
    [2010/01/30 11:49:55 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/03/10 09:47:41 | 000,114,688 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/07/12 14:09:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/04/14 03:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/14 03:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 03:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2008/04/14 03:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoRebootWithLoggedOnUsers" = 1
    "RebootRelaunchTimeoutEnabled" = 1
    "RebootRelaunchTimeout" = 1440

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

    < End of report >
  9. sjy

    sjy Newcomer, in training Topic Starter Posts: 58

    EXTRAS.TXT file:

    OTL Extras logfile created on: 3/10/2012 9:49:13 AM - Run 1
    OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.28% Memory free
    5.09 Gb Paging File | 4.64 Gb Available in Paging File | 91.10% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 292.97 Gb Total Space | 127.92 Gb Free Space | 43.66% Space Free | Partition Type: NTFS
    Drive D: | 303.19 Gb Total Space | 188.72 Gb Free Space | 62.25% Space Free | Partition Type: NTFS
    Drive E: | 647.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive J: | 39.06 Gb Total Space | 8.86 Gb Free Space | 22.68% Space Free | Partition Type: NTFS
    Drive K: | 109.99 Gb Total Space | 4.68 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

    Computer Name: STEVE | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1644491937-2147235713-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirstRunDisabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
    "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
    "51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
    "51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
    "1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
    "1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
    "C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
    "{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
    "{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}" = PACE System Files
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{314AD191-596F-40C0-ACED-3AD78C9649F1}_is1" = WMA MP3 Converter v4.3 build 1489
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35AF2D74-7048-876E-1869-68B6D635F446}" = Chief Architect X2
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler LightScribe Trial 5
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-0008-0409-0000-0060B0CE6BBA}" = AutoCAD Land Development Desktop 2i
    "{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
    "{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5DF68560-292A-11D5-99D1-00010256D40E}" = DV Studio3
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E10A7CC-B4B4-4BF0-A75E-9F960D58AAC4}_is1" = RebateRobot for Online Shopping version 1.0.2
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 Service Pack 1
    "{D1F94690-C59F-4BF1-A9C5-005DCCE8364D}_is1" = X2X Free MP3 Converter 3.1
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{EF5120CC-BA3E-421E-9895-1B906507DD99}_is1" = Style Jukebox (Beta)
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FB29B583-945C-4094-BB4B-3A405574C560}" = Motorola Mobile Drivers Installation 5.0.0
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
    "7-Zip" = 7-Zip 4.65
    "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_d2f336b2c5feeb945c28b7a0a45170f" = Adobe Creative Suite 4 Master Collection
    "AMA" = AutoCAD 2000i Migration Assistance
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "AnswerWorks" = AnswerWorks Runtime
    "Audio MP3 Sound Recorder" = Audio MP3 Sound Recorder
    "AutoCAD 2010 - English" = AutoCAD 2010 - English
    "avast" = avast! Free Antivirus
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor 4_is1" = AVS Video Editor 4
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Debut" = Debut Video Capture Software
    "Download Manager" = Download Manager
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
    "Easy DV to DVD" = Easy DV to DVD
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.2.1125
    "Google Chrome" = Google Chrome
    "HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
    "HP-Color LaserJet 1600" = Color LaserJet 1600
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.2.0
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Silverlight" = Microsoft Silverlight
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PriceGong" = PriceGong 2.6.2
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "QuicktimeAlt_is1" = QuickTime Alternative 3.0.0
    "Replay Music4.40B" = Replay Music
    "Sophocles" = Sophocles 2003 (Remove Only)
    "Spotify" = Spotify
    "Super Mp3 Recorder_is1" = Super Mp3 Recorder 2.5
    "Surf Canyon" = Fast Search
    "Unlocker" = Unlocker 1.8.7
    "WAV to MP3 Encoder" = WAV to MP3 Encoder
    "WinAVI Video Capture_is1" = WinAVI Video Capture 2.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1644491937-2147235713-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Spotify" = Spotify

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/8/2012 8:33:15 AM | Computer Name = STEVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 3/8/2012 8:38:48 AM | Computer Name = STEVE | Source = SQLANY 11.0 | ID = 1
    Description =

    Error - 3/8/2012 8:41:40 AM | Computer Name = STEVE | Source = SQLANY 11.0 | ID = 1
    Description =

    Error - 3/8/2012 8:49:24 AM | Computer Name = STEVE | Source = SQLANY 11.0 | ID = 1
    Description =

    Error - 3/8/2012 5:33:50 PM | Computer Name = STEVE | Source = SQLANY 11.0 | ID = 1
    Description =

    Error - 3/8/2012 5:45:41 PM | Computer Name = STEVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 3/9/2012 2:17:04 PM | Computer Name = STEVE | Source = SQLANY 11.0 | ID = 1
    Description =

    Error - 3/9/2012 2:30:58 PM | Computer Name = STEVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 3/10/2012 9:51:13 AM | Computer Name = STEVE | Source = SQLANY 11.0 | ID = 1
    Description =

    Error - 3/10/2012 10:07:14 AM | Computer Name = STEVE | Source = SQLANY 11.0 | ID = 1
    Description =

    [ OSession Events ]
    Error - 9/5/2011 1:37:20 PM | Computer Name = STEVE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 176
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 3/4/2012 5:02:11 PM | Computer Name = STEVE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 768
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 3/4/2012 6:37:38 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 3/4/2012 6:37:38 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Cdrom Imapi

    Error - 3/4/2012 6:51:39 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 3/7/2012 6:08:12 PM | Computer Name = STEVE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 3/7/2012 6:08:12 PM | Computer Name = STEVE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 3/7/2012 6:15:32 PM | Computer Name = STEVE | Source = Setup | ID = 60055
    Description = Windows Setup encountered non-fatal errors during installation. Please
    check the setuperr.log found in your Windows directory for more informatio

    Error - 3/7/2012 6:36:25 PM | Computer Name = STEVE | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 3/8/2012 8:39:54 AM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/10/2012 9:51:15 AM | Computer Name = STEVE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TFSysMon

    Error - 3/10/2012 10:07:21 AM | Computer Name = STEVE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TFSysMon


    < End of report >
  10. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | Boot | Stopped] -- -- (TFSysMon)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TfNetMon)
      DRV - File not found [Kernel | Boot | Stopped] -- -- (TfFsMon)
      IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      IE - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
      O2 - BHO: (RebateRobot BHO) - {66616350-A70C-4FF5-912E-A92B8076F6F7} - C:\Program Files\RebateRobot\RebateRobot.dll File not found
      O3 - HKU\S-1-5-21-1644491937-2147235713-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
      O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
      [2012/03/10 09:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
      [2012/03/10 09:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
      [2012/03/10 09:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PriceGong
      [2011/11/13 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F4aQH6dWKfLhXjC
      [2012/03/10 09:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
      @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  11. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Still with me?
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.