[Closed]Search redirect, Ping.exe, Rootkit.Gen2

When using a flash drive to transfer, it will not load the Recovery Console. Just bypass and go on with the scan.
 
Bobbye - Thanks for the suggestion, but I am no longer using a flash drive.

I have installed the infected drive back into my PC as the boot drive.

When I try to run combofix it does not get past the stage where it tries to run recovery console.
 
Click on NO

recovery-console-prompt.jpg


It can be installed later, separately.
 
Bobbye,

I am running combofix now and will post log shortly.

You mentioned in earlier post that flashget and orbitdownloader should be removed. Should I do that now or wait until we are done cleaning the system?
 
Ran ComboFix and received a warning that Rootkit.ZeroAccess was found. The warning also stated that if I could not connect to the network after ComboFix ran, I should run it a second time. Following the first run I was not able to connect (stuck at "acquiring network address"). Attached is the log from the first run; I am in the process of running ComboFix a second time.

ComboFix 11-12-03.01 - Rich 12/06/2011 18:52:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2644 [GMT -5:00]
Running from: c:\documents and settings\Rich\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\microsoft\media index\wmplibrary_v_0_12.lrd
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Rich\Application Data\RapidGet
c:\documents and settings\Rich\Application Data\RapidGet\DLQueue.dat
c:\documents and settings\Rich\Application Data\RapidGet\settings.ini
c:\documents and settings\Rich\WINDOWS
c:\windows\$NtUninstallKB55175$
c:\windows\$NtUninstallKB55175$\1847805616
c:\windows\$NtUninstallKB55175$\3803002154\@
c:\windows\$NtUninstallKB55175$\3803002154\bckfg.tmp
c:\windows\$NtUninstallKB55175$\3803002154\cfg.ini
c:\windows\$NtUninstallKB55175$\3803002154\Desktop.ini
c:\windows\$NtUninstallKB55175$\3803002154\keywords
c:\windows\$NtUninstallKB55175$\3803002154\kwrd.dll
c:\windows\$NtUninstallKB55175$\3803002154\L\asobptkf
c:\windows\$NtUninstallKB55175$\3803002154\lsflt7.ver
c:\windows\$NtUninstallKB55175$\3803002154\U\00000001.@
c:\windows\$NtUninstallKB55175$\3803002154\U\00000002.@
c:\windows\$NtUninstallKB55175$\3803002154\U\00000004.@
c:\windows\$NtUninstallKB55175$\3803002154\U\80000000.@
c:\windows\$NtUninstallKB55175$\3803002154\U\80000004.@
c:\windows\$NtUninstallKB55175$\3803002154\U\80000032.@
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\system32\test.exe
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-11-22 14:57 . 2011-11-22 14:57 -------- d-----w- C:\_OTM
2011-11-22 02:06 . 2011-11-22 02:06 -------- d-----w- c:\program files\ESET
2011-11-21 22:17 . 2011-11-21 22:17 -------- d-----w- c:\documents and settings\Rich\Application Data\Avira
2011-11-21 22:11 . 2011-10-19 21:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-21 22:11 . 2011-10-19 21:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-21 22:11 . 2011-10-19 21:56 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\program files\Avira
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-11-13 15:04 . 2011-11-21 21:44 -------- d-----w- c:\windows\Internet Logs
2011-11-13 15:02 . 2011-11-13 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-12 18:45 . 2011-11-13 15:34 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\SmartPadUsb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 02:00 . 2011-03-27 17:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-13 4617600]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rich^Start Menu^Programs^Startup^HDD temperature.lnk]
path=c:\documents and settings\Rich\Start Menu\Programs\Startup\HDD temperature.lnk
backup=c:\windows\pss\HDD temperature.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashVideoBurner]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashvideoburner.com]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCaching]
2001-11-29 03:55 262144 ----a-w- c:\progra~1\DATACA~1\FLASHKSK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-09-26 23:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"TapiSrv"=3 (0x3)
"UPS"=3 (0x3)
"nTuneService"=2 (0x2)
"gusvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [11/21/2011 5:11 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/4/2009 1:50 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/10/2010 2:14 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/21/2011 5:11 PM 86224]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\SYSTEM32\DRIVERS\mdc80211.sys [5/22/2006 7:52 PM 15793]
R2 ssoftnt4;ssoftnt4;c:\windows\SYSTEM32\DRIVERS\ssoftnt4.sys [5/21/2004 1:30 AM 114944]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 2:41 PM 115728]
R3 kbdcap;kbdcap;c:\windows\SYSTEM32\DRIVERS\KbdCap.sys [4/20/2007 4:15 PM 109440]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 musbehco;musbehco;\??\c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 12872]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\SDSTOR2K.SYS [9/5/2005 2:25 PM 37781]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [3/19/2010 5:49 AM 344064]
S4 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe --> c:\program files\iPass\iPassConnect\iPCAgent.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=CrimsonEditor.txt
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
HKU-Default-Run-msiexec.exe - msiconf.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-lphc70dj0er83 - c:\windows\system32\lphc70dj0er83.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-prunnet - c:\docume~1\Rich\LOCALS~1\Temp\prun.exe
MSConfigStartUp-Sonic RecordNow! - c:\windows\system32\lphc70dj0er83.exe
MSConfigStartUp-Uloriqohuwu - c:\windows\Okifuzuwocucafuv.dll
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Zboard - c:\program files\Ideazon\ZEngine\Zboard.exe
AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
AddRemove-{F7E1CA14-B39D-452A-960B-39423DDDD933} - U:\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 19:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\windows\System32\locator.exe
c:\windows\system32\ssoftsrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-06 19:06:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-07 00:06
.
Pre-Run: 129,955,074,048 bytes free
Post-Run: 129,902,399,488 bytes free
.
- - End Of File - - F0D65B28F7FA1F3D57197B33CD614039
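Added example, not part of the original thread: the log above carries the indicators a helper reads off a ZeroAccess infection by eye, a fake hotfix-uninstall folder (`$NtUninstallKB55175$`) holding an `@` marker, `.@` payload files and single-letter `U\` and `L\` subfolders, a driver (`musbehco`) loading from the user's Temp directory, drivers ComboFix marks `[?]` because the binary is missing, and Security Center / firewall values set to silence warnings. The Python below applies those heuristics to a ComboFix-style log. The sample log is constructed from the same indicators (plus a legitimate `spuninst` folder as a negative case); the category names are this example's own.

```python
"""Flag ZeroAccess-style and tampering indicators in a ComboFix log.

Added example; the heuristics mirror what a helper reads off the log
above, and the category names are this example's own.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in ComboFix log style, modelled on the thread's log.
# The KB936357 line is a legitimate hotfix-uninstall folder (negative case).
SAMPLE_LOG = r"""
c:\windows\$NtUninstallKB55175$\3803002154\@
c:\windows\$NtUninstallKB55175$\3803002154\L\asobptkf
c:\windows\$NtUninstallKB55175$\3803002154\U\80000032.@
c:\windows\$NtUninstallKB936357$\spuninst\spuninst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [11/21/2011 5:11 PM 36000]
S3 musbehco;musbehco;\??\c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys [?]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
MSConfigStartUp-prunnet - c:\docume~1\Rich\LOCALS~1\Temp\prun.exe
MSConfigStartUp-nwiz - nwiz.exe
"""

# Service/driver lines: "<R|S><n> <name>;<display name>;<path> [...]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
# Anything living in a per-user Temp directory (8.3 or long form)
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# ZeroAccess payload store inside a fake $NtUninstallKBnnnnn$ folder:
# an "@" marker file, ".@" payload files, or the U\ and L\ subfolders.
ZA_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\.*(?:\\[UL]\\|\\@$|\.@$)", re.IGNORECASE)
# Security Center / firewall values that malware sets to suppress alerts;
# the value may appear as "dword:00000001" or as "1 (0x1)".
POLICY_RE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride|AntiVirusDisableNotify|'
    r'FirewallDisableNotify|DisableNotifications)"\s*=\s*(?:dword:)?0*([0-9a-fA-F]+)'
)

Finding = Tuple[str, str]  # (category, service name or offending line)


def scan(log_text: str) -> List[Finding]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group(1), m.group(2)
            if TEMP_RE.search(path):
                findings.append(("service_in_temp", name))
            elif path.endswith("[?]"):
                # ComboFix prints [?] when it cannot find the service binary
                findings.append(("service_missing_file", name))
            continue
        if ZA_RE.search(line):
            findings.append(("zeroaccess_artifact", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            if int(m.group(2), 16) != 0:
                findings.append(("policy_override", m.group(1)))
            continue
        if TEMP_RE.search(line):
            findings.append(("path_in_temp", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, what in scan(SAMPLE_LOG):
        print(f"{category:22s} {what}")
    print(summarize(scan(SAMPLE_LOG)))
```

The `[?]` marker by itself only means ComboFix could not locate the binary (the ZoneAlarm leftovers in the log are exactly that), so it is reported separately from a driver that really does execute from Temp; the `$NtUninstall` check keys on the payload layout rather than the folder name, because the KB number is arbitrary.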
 
Ran combofix a second time. Still unable to connect to network. Log following second run is posted below.

ComboFix 11-12-03.01 - Rich 12/06/2011 19:22:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2690 [GMT -5:00]
Running from: c:\documents and settings\Rich\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-11-22 14:57 . 2011-11-22 14:57 -------- d-----w- C:\_OTM
2011-11-22 02:06 . 2011-11-22 02:06 -------- d-----w- c:\program files\ESET
2011-11-21 22:17 . 2011-11-21 22:17 -------- d-----w- c:\documents and settings\Rich\Application Data\Avira
2011-11-21 22:11 . 2011-10-19 21:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-21 22:11 . 2011-10-19 21:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-21 22:11 . 2011-10-19 21:56 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\program files\Avira
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-11-13 15:04 . 2011-11-21 21:44 -------- d-----w- c:\windows\Internet Logs
2011-11-13 15:02 . 2011-11-13 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-12 18:45 . 2011-11-13 15:34 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\SmartPadUsb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 02:00 . 2011-03-27 17:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-13 4617600]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rich^Start Menu^Programs^Startup^HDD temperature.lnk]
path=c:\documents and settings\Rich\Start Menu\Programs\Startup\HDD temperature.lnk
backup=c:\windows\pss\HDD temperature.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashVideoBurner]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashvideoburner.com]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCaching]
2001-11-29 03:55 262144 ----a-w- c:\progra~1\DATACA~1\FLASHKSK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-09-26 23:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"TapiSrv"=3 (0x3)
"UPS"=3 (0x3)
"nTuneService"=2 (0x2)
"gusvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [11/21/2011 5:11 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/4/2009 1:50 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/10/2010 2:14 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/21/2011 5:11 PM 86224]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\SYSTEM32\DRIVERS\mdc80211.sys [5/22/2006 7:52 PM 15793]
R2 ssoftnt4;ssoftnt4;c:\windows\SYSTEM32\DRIVERS\ssoftnt4.sys [5/21/2004 1:30 AM 114944]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 2:41 PM 115728]
R3 kbdcap;kbdcap;c:\windows\SYSTEM32\DRIVERS\KbdCap.sys [4/20/2007 4:15 PM 109440]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 musbehco;musbehco;\??\c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 12872]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\SDSTOR2K.SYS [9/5/2005 2:25 PM 37781]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [3/19/2010 5:49 AM 344064]
S4 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe --> c:\program files\iPass\iPassConnect\iPCAgent.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=CrimsonEditor.txt
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 19:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-06 19:29:51
ComboFix-quarantined-files.txt 2011-12-07 00:29
ComboFix2.txt 2011-12-07 00:06
.
Pre-Run: 129,930,207,232 bytes free
Post-Run: 129,893,232,640 bytes free
.
- - End Of File - - AE4ADACC6A76CD09A214BB0002626CED
 
I'd like you to do the following and see if it restores the internet connection:

Click on Start> Run> type in services.msc> Enter.
Scroll down to what will probably be the last Service: "WZCSVC"
Double click on the Service to open> Change the Startup type to Disabled> Stop the Service

This is for Wireless Zero Configuration. It will be set to Automatic and will be Started. If changing this restores the connection, I'll tell you about it. If it doesn't, nothing has been lost.
 
It appears that you had the Zone Alarm Firewall or security at some time, but did not do a proper uninstall. I have removed more entries with the script below, but if the entries persist, you will need to uninstall the program correctly.

Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys
c:\windows\system32\DRIVERS\appliand.sys
c:\program files\CheckPoint\ZAForceField\IswSvc.exe
c:\program files\CheckPoint\ZAForceField\ISWKL.sys
Folder::
c:\documents and settings\All Users\Application Data\CheckPoint
ClearJavaCache::
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"=-
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"=-
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashVideoBurner]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashvideoburner.com]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-
Driver::
musbehco
appliandMP
ISWKL
IswSvc

Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
 
Bobbye,

I checked the Wireless Zero Configuration Service - it was Disabled.

I was unable to stop Avira using Task Manager (three processes):

avgnt
avguard
avshadow

though I did disable realtime protection.

I ran ComboFix and was told it had expired. I ran it in REDUCED FUNCTIONALITY mode.

ComboFix 11-12-03.01 - Rich 12/10/2011 13:36:23.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2663 [GMT -5:00]
Running from: c:\documents and settings\Rich\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rich\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys"
"c:\program files\CheckPoint\ZAForceField\ISWKL.sys"
"c:\program files\CheckPoint\ZAForceField\IswSvc.exe"
"c:\windows\system32\DRIVERS\appliand.sys"
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-11-22 14:57 . 2011-11-22 14:57 -------- d-----w- C:\_OTM
2011-11-22 02:06 . 2011-11-22 02:06 -------- d-----w- c:\program files\ESET
2011-11-21 22:17 . 2011-11-21 22:17 -------- d-----w- c:\documents and settings\Rich\Application Data\Avira
2011-11-21 22:11 . 2011-10-19 21:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-21 22:11 . 2011-10-19 21:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-21 22:11 . 2011-10-19 21:56 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\program files\Avira
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-11-13 15:04 . 2011-11-21 21:44 -------- d-----w- c:\windows\Internet Logs
2011-11-13 15:02 . 2011-11-13 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-12 18:45 . 2011-11-13 15:34 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\SmartPadUsb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 02:00 . 2011-03-27 17:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-13 4617600]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rich^Start Menu^Programs^Startup^HDD temperature.lnk]
path=c:\documents and settings\Rich\Start Menu\Programs\Startup\HDD temperature.lnk
backup=c:\windows\pss\HDD temperature.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashVideoBurner]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashvideoburner.com]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCaching]
2001-11-29 03:55 262144 ----a-w- c:\progra~1\DATACA~1\FLASHKSK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-09-26 23:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"TapiSrv"=3 (0x3)
"UPS"=3 (0x3)
"nTuneService"=2 (0x2)
"gusvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [11/21/2011 5:11 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/4/2009 1:50 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/10/2010 2:14 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/21/2011 5:11 PM 86224]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\SYSTEM32\DRIVERS\mdc80211.sys [5/22/2006 7:52 PM 15793]
R2 ssoftnt4;ssoftnt4;c:\windows\SYSTEM32\DRIVERS\ssoftnt4.sys [5/21/2004 1:30 AM 114944]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 2:41 PM 115728]
R3 kbdcap;kbdcap;c:\windows\SYSTEM32\DRIVERS\KbdCap.sys [4/20/2007 4:15 PM 109440]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\CheckPoint\ZAForceField\IswSvc.exe" --> c:\program files\CheckPoint\ZAForceField\IswSvc.exe [?]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 musbehco;musbehco;\??\c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 12872]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\SDSTOR2K.SYS [9/5/2005 2:25 PM 37781]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [3/19/2010 5:49 AM 344064]
S4 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe --> c:\program files\iPass\iPassConnect\iPCAgent.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(544)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(492)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\windows\System32\locator.exe
c:\windows\system32\ssoftsrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-12-10 13:42:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 18:42
ComboFix2.txt 2011-12-07 00:06
.
Pre-Run: 129,886,167,040 bytes free
Post-Run: 129,848,487,936 bytes free
.
- - End Of File - - 119923A501E2AB5A0B5688F850A3312F
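The log above is read by eye in this thread, but the driver/service section (the R1/S2/S3 lines) has a regular enough layout to triage programmatically. The following is an added example, not part of the original thread or of ComboFix itself: it parses that section and flags the two things Bobbye's CFScript acted on, a kernel driver registered from a user Temp folder (musbehco.sys) and entries whose binary no longer exists on disk (the "[?]" lines). The line layout and the start-type digits are assumptions inferred from the lines shown, not an official ComboFix specification, and the sample input is constructed by copying lines from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: driver/service lines copied from the ComboFix log above.
# "[?]" means ComboFix could not find the registered binary on disk; the
# "-->" form shows the registry path followed by the path as ComboFix resolved it.
SAMPLE_LOG = r"""
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [11/21/2011 5:11 PM 36000]
R2 ssoftnt4;ssoftnt4;c:\windows\SYSTEM32\DRIVERS\ssoftnt4.sys [5/21/2004 1:30 AM 114944]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 musbehco;musbehco;\??\c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S4 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe --> c:\program files\iPass\iPassConnect\iPCAgent.exe [?]
"""

# Layout assumed from the lines above (not an official ComboFix format description):
#   <R|S><start digit> <name>;<display name>;<image path>[ --> <resolved path>] [<date time size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# A kernel driver whose image lives under a user's Temp folder is a strong
# indicator; legitimate drivers install under %SystemRoot% or Program Files.
TEMP_RE = re.compile(r"\\(?:temp|locals~1)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str            # "R" running, "S" stopped
    start_type: int       # start digit as printed (assumed to follow the Windows Start value: 2 auto, 3 manual, 4 disabled)
    name: str
    display: str
    image: str
    resolved: Optional[str]
    meta: str

    @property
    def path(self) -> str:
        return self.resolved or self.image

    @property
    def file_missing(self) -> bool:
        return self.meta.strip() == "?"


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one driver/service line; return None for lines in any other format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        state=m["state"], start_type=int(m["start"]), name=m["name"],
        display=m["display"], image=m["image"], resolved=m["resolved"],
        meta=m["meta"],
    )


def triage(entry: ServiceEntry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing flagged."""
    reasons = []
    if entry.path.lower().endswith(".sys") and TEMP_RE.search(entry.path):
        reasons.append("kernel driver loaded from a user temp directory")
    if entry.file_missing:
        reasons.append("registered binary not found on disk")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons for every flagged line in a ComboFix log excerpt."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, it flags musbehco on both counts and ISWKL, appliandMP and iPCAgent as dangling entries. A "[?]" entry is a prompt to look, not a verdict: ISWKL and IswSvc here are leftovers of an uninstalled ZoneAlarm toolbar rather than malware, which is why the CFScript simply removed the registrations in its Driver:: section. A driver under a user's Temp folder, by contrast, is the kind of entry worth treating as hostile until proven otherwise.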
 
To disable AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background
antivir.png

  • Right click on tray icon> Uncheck the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background
    antivir_disabled.png
=======================================
Please note that the BleepingComputer.com download link will expire in 10 minutes! After it has expired you will need to refresh your browser to get a working link.

Please refresh and rescan. We need a full log.
 
Bobbye,

Before creating the above logs, I had disabled Avira as you described. The umbrella was closed, but there were still three Avira processes running in Task Manager.

I will download new Combofix and rerun with the script you provided in previous post.



Thanks!
 
Be sure to uninstall the present Combofix before you download it again:


Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    CF_Uninstall-1.jpg

Please describe what you're experiencing now with the old hard drive installed again.
 
Bobbye,

Here is new Combofix log. I downloaded new Combofix and disabled Avira before running, then dragged CFScript you previously provided to Combofix. Still unable to connect to network. Thanks again for your help!

ComboFix 11-12-10.01 - Rich 12/11/2011 10:29:24.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2553 [GMT -5:00]
Running from: c:\documents and settings\Rich\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rich\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys"
"c:\program files\CheckPoint\ZAForceField\ISWKL.sys"
"c:\program files\CheckPoint\ZAForceField\IswSvc.exe"
"c:\windows\system32\DRIVERS\appliand.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\CheckPoint
c:\documents and settings\All Users\Application Data\CheckPoint\ZoneAlarm\Data\zllictbl.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISWKL
-------\Legacy_ISWSVC
-------\Legacy_MUSBEHCO
-------\Service_appliandMP
-------\Service_ISWKL
-------\Service_IswSvc
-------\Service_musbehco
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-11-22 14:57 . 2011-11-22 14:57 -------- d-----w- C:\_OTM
2011-11-22 02:06 . 2011-11-22 02:06 -------- d-----w- c:\program files\ESET
2011-11-21 22:17 . 2011-11-21 22:17 -------- d-----w- c:\documents and settings\Rich\Application Data\Avira
2011-11-21 22:11 . 2011-10-19 21:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-21 22:11 . 2011-10-19 21:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-21 22:11 . 2011-10-19 21:56 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\program files\Avira
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-11-13 15:04 . 2011-11-21 21:44 -------- d-----w- c:\windows\Internet Logs
2011-11-12 18:45 . 2011-11-13 15:34 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\SmartPadUsb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 02:00 . 2011-03-27 17:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-13 4617600]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rich^Start Menu^Programs^Startup^HDD temperature.lnk]
path=c:\documents and settings\Rich\Start Menu\Programs\Startup\HDD temperature.lnk
backup=c:\windows\pss\HDD temperature.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashVideoBurner]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashvideoburner.com]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCaching]
2001-11-29 03:55 262144 ----a-w- c:\progra~1\DATACA~1\FLASHKSK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-09-26 23:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"TapiSrv"=3 (0x3)
"UPS"=3 (0x3)
"nTuneService"=2 (0x2)
"gusvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [11/21/2011 5:11 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/4/2009 1:50 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/10/2010 2:14 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/21/2011 5:11 PM 86224]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\SYSTEM32\DRIVERS\mdc80211.sys [5/22/2006 7:52 PM 15793]
R2 ssoftnt4;ssoftnt4;c:\windows\SYSTEM32\DRIVERS\ssoftnt4.sys [5/21/2004 1:30 AM 114944]
R3 kbdcap;kbdcap;c:\windows\SYSTEM32\DRIVERS\KbdCap.sys [4/20/2007 4:15 PM 109440]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 12872]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\SDSTOR2K.SYS [9/5/2005 2:25 PM 37781]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [3/19/2010 5:49 AM 344064]
S4 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe --> c:\program files\iPass\iPassConnect\iPCAgent.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\WININET.dll
c:\docume~1\Rich\LOCALS~1\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Windows SteadyState\SCTSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\windows\System32\locator.exe
c:\windows\system32\ssoftsrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-11 10:40:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 15:40
ComboFix2.txt 2011-12-10 18:42
ComboFix3.txt 2011-12-07 00:06
.
Pre-Run: 129,872,293,888 bytes free
Post-Run: 129,712,570,368 bytes free
.
- - End Of File - - 9BB32025D7AE279D2AF4F22DA08C1E59
 
Bobbye - There seems to be a delay between when I posted previous logs and when you posted reminder to uninstall Combofix. I posted the log in Post 38 before I saw your post 37.

I will uninstall combofix, reinstall new version, and run the CFScript you provided and post logs.

Sorry for the confusion.
 
Bobbye,

Uninstalled Combofix. Downloaded version using link provided in previous post. Ran Combofix by dragging the script you provided in an earlier post.

I am unable to connect to the internet. When I enable my network connection, it gets to the point of 'Acquiring Network Address' and goes no further.

Thanks for your patience and help.

Combofix log is below.

ComboFix 11-12-10.01 - Rich 12/11/2011 14:15:00.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2658 [GMT -5:00]
Running from: c:\documents and settings\Rich\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rich\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\docume~1\Rich\LOCALS~1\Temp\musbehco.sys"
"c:\program files\CheckPoint\ZAForceField\ISWKL.sys"
"c:\program files\CheckPoint\ZAForceField\IswSvc.exe"
"c:\windows\system32\DRIVERS\appliand.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISWKL
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-11-22 14:57 . 2011-11-22 14:57 -------- d-----w- C:\_OTM
2011-11-22 02:06 . 2011-11-22 02:06 -------- d-----w- c:\program files\ESET
2011-11-21 22:17 . 2011-11-21 22:17 -------- d-----w- c:\documents and settings\Rich\Application Data\Avira
2011-11-21 22:11 . 2011-10-19 21:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-21 22:11 . 2011-10-19 21:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-21 22:11 . 2011-10-19 21:56 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\program files\Avira
2011-11-21 22:11 . 2011-11-21 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-11-13 15:04 . 2011-11-21 21:44 -------- d-----w- c:\windows\Internet Logs
2011-11-12 18:45 . 2011-11-13 15:34 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\SmartPadUsb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 02:00 . 2011-03-27 17:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-13 4617600]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rich^Start Menu^Programs^Startup^HDD temperature.lnk]
path=c:\documents and settings\Rich\Start Menu\Programs\Startup\HDD temperature.lnk
backup=c:\windows\pss\HDD temperature.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashVideoBurner]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashvideoburner.com]
flvctrl.exe install show [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCaching]
2001-11-29 03:55 262144 ----a-w- c:\progra~1\DATACA~1\FLASHKSK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-09-26 23:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"TapiSrv"=3 (0x3)
"UPS"=3 (0x3)
"nTuneService"=2 (0x2)
"gusvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [11/21/2011 5:11 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/4/2009 1:50 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/10/2010 2:14 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/21/2011 5:11 PM 86224]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\SYSTEM32\DRIVERS\mdc80211.sys [5/22/2006 7:52 PM 15793]
R2 ssoftnt4;ssoftnt4;c:\windows\SYSTEM32\DRIVERS\ssoftnt4.sys [5/21/2004 1:30 AM 114944]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 2:41 PM 115728]
R3 kbdcap;kbdcap;c:\windows\SYSTEM32\DRIVERS\KbdCap.sys [4/20/2007 4:15 PM 109440]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [11/6/2007 3:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 12872]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\SDSTOR2K.SYS [9/5/2005 2:25 PM 37781]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [3/19/2010 5:49 AM 344064]
S4 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe --> c:\program files\iPass\iPassConnect\iPCAgent.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\windows\System32\locator.exe
c:\windows\system32\ssoftsrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
.
**************************************************************************
.
Completion time: 2011-12-11 14:25:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 19:25
ComboFix2.txt 2011-12-11 15:40
.
Pre-Run: 131,482,189,824 bytes free
Post-Run: 131,375,448,064 bytes free
.
- - End Of File - - A28B31784451A12B785933D36D3BBCC9
 
Thank you for your patience. Which of the following have been resolved?
1) Google and Yahoo search results are redirected
2) Ping.exe appears in TaskManager - don't recall seeing it before
3) Avira warns that Rootkit.Gen2 is present
4) Occasionally get new Tab in Firefox opening
5) Occasionally get TCP/IP error from Windows
-------------------------------------------
If all of the above have been resolved, is this the same?
When I go into Network Connections, I right click Local Area Connection. The Status gets to 'Acquiring Network Address' and goes no further.
------------------------------------------
Is there any other new problem?
============================
  • Download OTL from either of the links below and save it to your desktop.
    Link 1
    Link 2
    Note 1: If you cannot run the executable file, download OTL from either of the following links:
    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
    Note 2: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save Link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
  • The opened console will resemble this: [image: OTL console]
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below > Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and let it run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

===================================
And I made an Oops!
which is why you couldn't understand:
I said> "3. Save the files you move from the USB to the desktop. Do a right click> Delete and scan with the AV"

I should have said> "Do a right click on the file and scan with the antivirus."
There is no 'delete' in this.
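As an added example (not code from OTL, the thread, or either poster), here is a small Python triage of OTL's one-line-per-entry output covering the items the custom scan above targets: the Winlogon Shell and UserInit values (O20), the HOSTS file (O1), Run entries whose binary carries no company name (O4), and services whose binary is missing (SRV). The sample lines are copied from the OTL log posted later in this thread, plus one constructed line with a placeholder path to show what a tampered UserInit value would look like; the expected Winlogon values are the Windows XP defaults.

```python
"""Triage of OTL log lines. Added example, not OTL's own code or anything
from the thread; it assumes only the one-line-per-entry "Oxx - " format
seen in the posted log and the Windows XP defaults for the Winlogon values."""
import re

# Windows XP defaults for the Winlogon values OTL reports as O20 lines.
# UserInit is a comma-separated list; anything after userinit.exe is suspect.
EXPECTED_WINLOGON = {
    "Shell": ["explorer.exe"],
    "UserInit": [r"c:\windows\system32\userinit.exe"],
}

# Only loopback entries belong in a clean HOSTS file.
ALLOWED_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<name>Shell|UserInit) - \((?P<value>[^)]*)\)")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
O4_RE = re.compile(r"^O4 - HK[A-Z]+\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$")
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]*)\).* -- File not found$")


def _split_value(value):
    """Lower-case a registry value and split it on commas, dropping blanks."""
    return [part.strip().lower() for part in value.split(",") if part.strip()]


def triage(lines):
    """Return (kind, name, detail) findings for the log lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            parts = _split_value(m.group("value"))
            if parts != EXPECTED_WINLOGON[m.group("name")]:
                findings.append(("winlogon", m.group("name"), parts))
            continue
        m = O1_RE.match(line)
        if m:
            if (m.group("ip"), m.group("host")) not in ALLOWED_HOSTS:
                findings.append(("hosts", m.group("host"), m.group("ip")))
            continue
        m = O4_RE.match(line)
        if m:
            # An empty company field means the binary carries no version info.
            if not m.group("company").strip():
                findings.append(("run-no-company", m.group("name"), m.group("path")))
            continue
        m = SRV_RE.match(line)
        if m:
            findings.append(("orphan-service", m.group("name"), None))
    return findings


# Lines copied from the OTL log posted in this thread.
PAGE_LINES = [
    r"SRV - (WMDM PMSP Service) -- File not found",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r"O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)",
]

# Constructed line (not from the thread): a UserInit value with a second,
# placeholder program appended, the shape a tampered entry would take.
CONSTRUCTED_LINE = (r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,"
                    r"C:\WINDOWS\system32\PLACEHOLDER-EXTRA.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)")

if __name__ == "__main__":
    for finding in triage(PAGE_LINES + [CONSTRUCTED_LINE]):
        print(finding)
```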
 
Bobbye,

Thanks for the reply. It may take a day or two for me to reply - I do not have time to dedicate to this right now.

Answers to questions (can't answer most since still unable to connect to internet due to network connection not getting past Acquiring Network Address)

1) Google and Yahoo search results are redirected
I have not been able to check this due to network issue

2) Ping.exe appears in TaskManager - don't recall seeing it before
Ping.exe does not appear in TaskManager

3) Avira warns that Rootkit.Gen2 is present
I will run scan and check

4) Occasionally get new Tab in Firefox opening
I have not been able to check this due to network issue

5) Occasionally get TCP/IP error from Windows
I have not been able to check this due to network issue

Do you need answers to 3) before I run OTL?
 
No, I don't need the log from Avira at this point. Hopefully there will be some answers in the OTL scan.
Take your time - post when you can.
 
Bobbye,

Ran Avira - nothing was found.

Logs from OTL below.

OTL logfile created on: 12/18/2011 4:14:04 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rich\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 84.01% Memory free
4.35 Gb Paging File | 3.99 Gb Available in Paging File | 91.92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.49 Gb Total Space | 126.65 Gb Free Space | 87.05% Space Free | Partition Type: NTFS

Computer Name: DHZ5YM51 | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rich\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\ssoftsrv.exe (Cypherix)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\WINDOWS\SYSTEM32\pdf995mon.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WMDM PMSP Service) -- File not found
SRV - (iPCAgent) -- File not found
SRV - (iPassConnectEngine) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (Windows SteadyState) -- C:\Program Files\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (ssoftservice) -- C:\WINDOWS\System32\ssoftsrv.exe (Cypherix)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
DRV - (NPF) -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys (CACE Technologies)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Alpham1) -- C:\WINDOWS\SYSTEM32\DRIVERS\Alpham1.sys (Ideazon Corporation)
DRV - (kbdcap) -- C:\WINDOWS\System32\drivers\KbdCap.sys ()
DRV - (Alpham2) -- C:\WINDOWS\SYSTEM32\DRIVERS\Alpham2.sys (Ideazon Corporation)
DRV - (APLMp50) -- C:\WINDOWS\SYSTEM32\DRIVERS\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MDC80211) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc80211.sys (Meetinghouse Data Communications)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssoftnt4) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssoftnt4.sys ()
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (CVirtA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys (Creative Technology Ltd.)
DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (SDSTOR2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDSTOR2K.SYS (SanDisk Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\flashcatch@flashcatch.com: C:\Program Files\FlashCatch\firefox [2010/04/11 16:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 21:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 08:57:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\VideoBar@meep.com: C:\Program Files\Meep\FF\

[2008/06/22 18:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Extensions
[2011/11/13 09:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\extensions
[2011/09/04 07:24:01 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2005/12/18 18:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\extensions\temp
[2011/03/23 19:42:20 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\searchplugins\conduit.xml
[2011/06/11 17:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 09:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 09:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/13 16:09:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/11 17:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4GB4JOBP.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4GB4JOBP.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4GB4JOBP.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2009/01/01 23:17:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/04 21:00:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/04 21:00:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/12/11 14:21:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\Jccatch.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302816107968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1306104091687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-000000000000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{594FB6E3-AFDE-4E88-BF61-4DA9C1952C2A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 16:12:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTL.exe
[2011/12/18 15:14:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/18 15:11:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rich\Recent
[2011/12/11 14:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/11 14:12:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/11 14:12:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/11 14:12:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/11 14:12:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/11 14:12:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/11 14:12:08 | 004,334,705 | R--- | C] (Swearware) -- C:\Documents and Settings\Rich\Desktop\ComboFix.exe
[2011/12/03 11:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/22 09:57:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/22 09:56:24 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTM.exe
[2011/11/21 21:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/21 21:06:41 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Rich\Desktop\esetsmartinstaller_enu.exe
[2011/11/21 20:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/21 19:13:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rich\My Documents\My Videos
[2011/11/21 18:18:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rich\Desktop\dds.scr
[2011/11/21 17:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Avira
[2011/11/21 17:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/11/21 17:11:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/11/21 17:11:54 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/11/21 17:11:54 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/21 17:11:54 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/11/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/11/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/11/21 14:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/21 14:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/21 13:57:53 | 002,856,448 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Rich\My Documents\qkmz.exe

========== Files - Modified Within 30 Days ==========

[2011/12/18 16:11:38 | 000,000,322 | ---- | M] () -- C:\WINDOWS\MATLAB.INI
[2011/12/18 15:42:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTL.exe
[2011/12/18 15:12:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/12/18 15:11:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/12/18 15:11:21 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 14:41:11 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/11 14:41:11 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/11 14:41:11 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/11 14:41:11 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/11 14:41:11 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/11 14:41:11 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/11 14:41:11 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/12/11 14:41:11 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/12/11 14:21:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/12/11 14:09:36 | 004,334,705 | R--- | M] (Swearware) -- C:\Documents and Settings\Rich\Desktop\ComboFix.exe
[2011/11/22 09:53:00 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTM.exe
[2011/11/21 21:06:42 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Rich\Desktop\esetsmartinstaller_enu.exe
[2011/11/21 20:27:23 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Shortcut to WINWORD.EXE.lnk
[2011/11/21 20:23:28 | 000,010,514 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\wklnhst.dat
[2011/11/21 18:18:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rich\Desktop\dds.scr
[2011/11/21 18:17:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\gmer.exe
[2011/11/21 17:12:18 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/21 13:58:04 | 002,856,448 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Rich\My Documents\qkmz.exe
[2011/11/20 08:53:39 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2011/11/19 19:22:45 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/12/11 14:12:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/11 14:12:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/11 14:12:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/11 14:12:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/11 14:12:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/21 20:27:23 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Shortcut to WINWORD.EXE.lnk
[2011/11/21 18:17:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\gmer.exe
[2011/11/21 17:12:18 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/08/20 21:56:07 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\CamShapes.ini
[2011/08/20 21:56:07 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\CamLayout.ini
[2011/08/20 21:56:07 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\Camdata.ini
[2011/05/09 21:39:43 | 000,003,998 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\g32nm6cb32555cu00h4dus5w3d30033
[2011/05/09 21:39:43 | 000,003,998 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g32nm6cb32555cu00h4dus5w3d30033
[2011/04/18 21:30:38 | 000,017,252 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/18 21:30:38 | 000,017,252 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/13 19:03:19 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\2874343434
[2011/04/13 19:03:19 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2874343434
[2011/01/23 14:05:32 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 14:05:29 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 14:05:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/02 13:48:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/11 16:25:02 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/11 16:25:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/31 17:30:28 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/11/15 19:44:13 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/15 18:52:48 | 000,032,192 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\Schedule8.dat
[2009/09/06 14:16:32 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\PnkBstrK.sys
[2009/09/06 14:16:32 | 000,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/06 14:16:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/08/09 08:17:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/04 16:42:02 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/01/12 19:39:50 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/09/20 15:30:05 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008/09/20 15:30:05 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/08/16 14:26:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/16 14:26:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/02 18:30:22 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/07/01 20:46:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/12/28 15:03:35 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2007/12/28 15:03:35 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2007/11/06 20:30:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/10 18:47:58 | 000,214,504 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/10/10 18:47:52 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/04/20 16:15:10 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2007/04/20 12:57:29 | 000,046,873 | ---- | C] () -- C:\WINDOWS\System32\unhttp.exe
[2007/04/02 17:23:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/04/02 15:14:18 | 000,000,037 | -H-- | C] () -- C:\Documents and Settings\Rich\Application Data\Web Dumper registration.ini
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/02/11 11:40:02 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/02/11 11:16:32 | 000,000,322 | ---- | C] () -- C:\WINDOWS\MATLAB.INI
[2006/09/21 18:40:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\SlantFin.ini
[2006/07/08 23:59:18 | 000,000,850 | ---- | C] () -- C:\WINDOWS\dispatch.ini
[2006/05/22 19:55:55 | 000,119,165 | ---- | C] () -- C:\WINDOWS\cleanup.exe
[2006/05/22 19:54:31 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\xcacls.exe
[2006/04/09 19:33:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/22 23:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/09/05 14:25:53 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2005/09/05 14:25:53 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2005/09/05 14:25:53 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2005/09/05 14:25:53 | 000,001,233 | ---- | C] () -- C:\WINDOWS\Sdcache.ini
[2005/09/05 14:25:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005/09/05 14:25:45 | 000,002,974 | ---- | C] () -- C:\WINDOWS\System32\SDUSBPDR.INI
[2005/08/12 16:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 21:43:50 | 000,000,645 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2005/08/05 21:43:50 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2005/08/05 20:20:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\fusioncache.dat
[2005/08/01 19:50:48 | 000,002,234 | ---- | C] () -- C:\WINDOWS\Opera.INI
[2005/07/24 11:52:38 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2005/06/23 17:04:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/25 10:52:46 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2005/03/25 10:52:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2005/03/25 10:45:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2005/03/25 10:45:44 | 000,050,364 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005/01/07 13:15:56 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/02 14:37:54 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/10/25 20:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/10/25 20:29:18 | 000,005,100 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/09/26 18:39:51 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/25 14:36:18 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\mpauth.dat
[2004/09/18 06:56:47 | 000,000,557 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/09/16 16:28:15 | 000,010,514 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\wklnhst.dat
[2004/09/15 20:33:10 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/12 12:55:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/12 12:52:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/09/12 12:47:40 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2004/09/12 12:47:40 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2004/09/12 12:46:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/12 12:44:56 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/12 12:41:26 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/09/12 12:41:26 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/09/12 12:41:09 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/09/12 12:41:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/09/12 12:41:08 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/09/12 12:41:08 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/09/12 12:41:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/09/12 12:41:08 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2004/09/12 12:41:08 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2004/09/12 12:41:08 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/09/12 12:41:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/09/12 12:41:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/09/12 12:41:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/09/12 12:41:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/09/12 12:41:06 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2004/09/12 12:41:04 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2004/09/12 12:40:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/09/12 12:32:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/09/12 12:30:30 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/09/12 12:30:30 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/09/12 12:12:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/19 16:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/21 01:30:02 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
[2004/05/11 10:03:20 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 10:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/30 07:02:45 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2011/08/04 16:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/11/26 10:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/04/04 16:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/09/14 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/11/17 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/29 16:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/01/04 14:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\alta
[2008/08/16 14:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\AVSMedia
[2010/07/01 20:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\CheckPoint
[2008/01/20 21:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\DMCache
[2007/04/15 15:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\GetRightToGo
[2009/11/08 13:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\GrabPro
[2007/04/17 17:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Ideazon
[2007/04/01 13:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\iGetter
[2004/09/22 19:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Leadertech
[2007/04/01 13:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Maxprog
[2009/11/22 19:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Moyea
[2010/12/31 08:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Notepad++
[2007/04/04 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\NOVOSIB Software
[2011/10/26 20:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Orbit
[2005/03/25 10:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\pdf995
[2009/09/05 14:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Skinux
[2010/07/17 12:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\SystemRequirementsLab

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002/08/29 05:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 05:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
 
Extras Log

OTL Extras logfile created on: 12/18/2011 4:14:04 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rich\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 84.01% Memory free
4.35 Gb Paging File | 3.99 Gb Available in Paging File | 91.92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.49 Gb Total Space | 126.65 Gb Free Space | 87.05% Space Free | Partition Type: NTFS

Computer Name: DHZ5YM51 | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1" = FlashCatch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState
"{DB0A4FCC-87C7-4A59-95BE-B5C2F0D8CDD4}" = System Requirements Lab for Intel
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crimson Editor" = Crimson Editor (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 1972] [2008-05-24]
"FlashGet(JetCar)" = FlashGet(JetCar)
"FLVCodec" = PlayFLV
"FLVPlayer" = FLV Player 1.3.3
"GameSpy Arcade" = GameSpy Arcade
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageMate/SecureMate V5.08" = SanDisk ImageMate/SecureMate
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera Plug-in for FlashGet" = Opera Plug-in for FlashGet
"Pdf995" = Pdf995
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Scriptdoc" = Windows Script V5.6 Documentation
"Shockwave" = Shockwave
"sscrle_is1" = Cryptainer LE
"STMediaSuite" = SoundTaxi Media Suite 3.9.9
"SystemRequirementsLab" = System Requirements Lab
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2011 8:22:35 PM | Computer Name = DHZ5YM51 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 11/21/2011 8:23:00 PM | Computer Name = DHZ5YM51 | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
mshtml.dll, version 7.0.6000.17097, fault address 0x0002e856.

Error - 11/21/2011 8:33:28 PM | Computer Name = DHZ5YM51 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 11/21/2011 9:37:27 PM | Computer Name = DHZ5YM51 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 11/21/2011 10:06:54 PM | Computer Name = DHZ5YM51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/21/2011 10:06:54 PM | Computer Name = DHZ5YM51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/21/2011 10:14:31 PM | Computer Name = DHZ5YM51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/21/2011 10:14:31 PM | Computer Name = DHZ5YM51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/21/2011 10:16:42 PM | Computer Name = DHZ5YM51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/21/2011 10:16:43 PM | Computer Name = DHZ5YM51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 12/18/2011 5:03:55 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/18/2011 5:03:57 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/18/2011 5:04:05 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/18/2011 5:05:20 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952450

Error - 12/18/2011 5:05:49 PM | Computer Name = DHZ5YM51 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 12/18/2011 5:07:50 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/18/2011 5:07:51 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/18/2011 5:07:51 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 12/18/2011 5:07:51 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd

Error - 12/18/2011 5:07:51 PM | Computer Name = DHZ5YM51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >
 
OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
    Code:
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-000000000000} http://download.macromedia.com/pub/s...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2011/11/21 13:58:04 | 002,856,448 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Rich\My Documents\qkmz.exe
    [2011/05/09 21:39:43 | 000,003,998 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\g32nm6cb32555cu00h4dus5w3d30033
    [2011/05/09 21:39:43 | 000,003,998 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g32nm6cb32555cu00h4dus5w3d30033
    [2011/04/18 21:30:38 | 000,017,252 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/18 21:30:38 | 000,017,252 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/13 19:03:19 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\2874343434
    [2011/04/13 19:03:19 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2874343434
    [2010/11/17 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/08/29 16:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
======================================
Are you using the Remote Access Connection Manager on this system? If yes, you need to have the Telephony Service running
======================================
After you run this, please let me know what, if any, of the previous problems remain, specifically.
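The fix script above is a list of OTL entries chosen by hand. As an added example for this thread (not part of OTL and not code from either poster), the Python below parses the "[date | size | attrs | C/M] (company) -- path" lines that OTL prints and flags the three patterns visible in that script: hidden+system files with random-looking names under Application Data, the same file dropped in both a user's profile and All Users, and an executable inside a user profile whose company string is not plain ASCII. The sample entries are copied from the logs in this thread; the name heuristic in looks_random() and the three rules are assumptions of this example, not OTL behaviour.

```python
"""Triage OTL file-list entries for the drop patterns targeted by the fix above.

Added example for this thread; it is not part of OTL or of the original
posts. The thresholds in looks_random() and the three rules in triage()
are this example's own assumptions, not OTL rules.
"""
import re
from collections import defaultdict

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+?)\s*$"
)

# Sample input: entries copied from the OTL fix script posted in this thread,
# plus two benign entries from the Quick Scan log for contrast.
SAMPLE = r"""
[2011/11/21 13:58:04 | 002,856,448 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Rich\My Documents\qkmz.exe
[2011/05/09 21:39:43 | 000,003,998 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\g32nm6cb32555cu00h4dus5w3d30033
[2011/05/09 21:39:43 | 000,003,998 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g32nm6cb32555cu00h4dus5w3d30033
[2011/04/13 19:03:19 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\2874343434
[2011/04/13 19:03:19 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2874343434
[2010/11/17 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/18 16:12:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTL.exe
[2011/11/21 17:11:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
"""


def parse(text):
    """Return one dict per OTL entry; non-matching lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))
        d["name"] = d["path"].rsplit("\\", 1)[-1]
        d["is_dir"] = "D" in d["attrs"]
        rows.append(d)
    return rows


def profile(path):
    """Profile name for paths under Documents and Settings, else None."""
    parts = path.split("\\")
    if len(parts) > 2 and parts[1].lower() == "documents and settings":
        return parts[2]
    return None


def looks_random(name):
    """Heuristic (assumption): 8+ alphanumerics, no extension, contains digits."""
    return (len(name) >= 8 and name.isalnum() and "." not in name
            and any(c.isdigit() for c in name))


def triage(text):
    """Return (reason, path) findings for the rules described in the docstring."""
    rows = parse(text)
    findings = []

    # Which profiles contain a file with the same name and size?
    profiles_by_key = defaultdict(set)
    for r in rows:
        p = profile(r["path"])
        if p:
            profiles_by_key[(r["name"], r["size"])].add(p)

    for r in rows:
        name, path, attrs = r["name"], r["path"], r["attrs"]
        in_appdata = "\\application data\\" in path.lower()
        if (not r["is_dir"] and "H" in attrs and "S" in attrs
                and in_appdata and looks_random(name)):
            findings.append(("hidden+system random-named file in Application Data", path))
        if len(profiles_by_key.get((name, r["size"]), ())) >= 2:
            findings.append(("same file dropped in more than one profile", path))
        company = r["company"] or ""
        if name.lower().endswith(".exe") and profile(path) and not company.isascii():
            findings.append(("executable in user profile with non-ASCII company name", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason}: {path}")
```

Run it against a saved OTL log in place of SAMPLE and read the findings alongside the log rather than feeding them straight into a fix script; the rules are deliberately narrow and will miss anything that does not match these three shapes.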
 
Bobbye,

Not sure if I am running Remote Access Connection Manager. I connect through a wired router (Linksys E1000) to a cable modem. I did check services and found that Telephony was disabled. I was planning to enable it after running OTL......

OTL seems to have gotten hung up. The status window at the bottom says:

Processing Registry data regfile [merge] -- Reg Error: Key Error.

It has been stuck here for about 15 minutes. Not sure if I should let it keep running or force a reboot.
 
Bobbye,

OTL was showing 99% CPU usage and there was no hard drive activity. I decided to stop the OTL process and reboot. Then I ran Quick Scan.

I started Telephony and was unable to connect to the network (hung up at Acquiring Network Address)

OTL logfile created on: 12/19/2011 5:36:17 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rich\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 81.49% Memory free
4.35 Gb Paging File | 3.93 Gb Available in Paging File | 90.48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.49 Gb Total Space | 126.61 Gb Free Space | 87.02% Space Free | Partition Type: NTFS

Computer Name: DHZ5YM51 | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rich\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\ssoftsrv.exe (Cypherix)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\WINDOWS\SYSTEM32\pdf995mon.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WMDM PMSP Service) -- File not found
SRV - (iPCAgent) -- File not found
SRV - (iPassConnectEngine) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (Windows SteadyState) -- C:\Program Files\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (ssoftservice) -- C:\WINDOWS\System32\ssoftsrv.exe (Cypherix)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
DRV - (NPF) -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys (CACE Technologies)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Alpham1) -- C:\WINDOWS\SYSTEM32\DRIVERS\Alpham1.sys (Ideazon Corporation)
DRV - (kbdcap) -- C:\WINDOWS\System32\drivers\KbdCap.sys ()
DRV - (Alpham2) -- C:\WINDOWS\SYSTEM32\DRIVERS\Alpham2.sys (Ideazon Corporation)
DRV - (APLMp50) -- C:\WINDOWS\SYSTEM32\DRIVERS\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MDC80211) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc80211.sys (Meetinghouse Data Communications)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssoftnt4) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssoftnt4.sys ()
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (CVirtA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys (Creative Technology Ltd.)
DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (SDSTOR2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDSTOR2K.SYS (SanDisk Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\flashcatch@flashcatch.com: C:\Program Files\FlashCatch\firefox [2010/04/11 16:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 21:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 08:57:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\VideoBar@meep.com: C:\Program Files\Meep\FF\

[2008/06/22 18:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Extensions
[2011/11/13 09:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\extensions
[2011/09/04 07:24:01 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2005/12/18 18:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\extensions\temp
[2011/03/23 19:42:20 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\4gb4jobp.default\searchplugins\conduit.xml
[2011/06/11 17:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 09:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 09:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/13 16:09:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/11 17:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4GB4JOBP.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4GB4JOBP.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4GB4JOBP.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2009/01/01 23:17:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/04 21:00:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/04 21:00:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/12/11 14:21:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\Jccatch.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302816107968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1306104091687 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{594FB6E3-AFDE-4E88-BF61-4DA9C1952C2A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 17:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rich\Recent
[2011/12/19 17:12:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/18 16:12:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTL.exe
[2011/12/18 15:14:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/11 14:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/11 14:12:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/11 14:12:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/11 14:12:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/11 14:12:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/11 14:12:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/11 14:12:08 | 004,334,705 | R--- | C] (Swearware) -- C:\Documents and Settings\Rich\Desktop\ComboFix.exe
[2011/12/03 11:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/22 09:57:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/22 09:56:24 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTM.exe
[2011/11/21 21:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/21 21:06:41 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Rich\Desktop\esetsmartinstaller_enu.exe
[2011/11/21 20:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/21 19:13:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rich\My Documents\My Videos
[2011/11/21 18:18:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rich\Desktop\dds.scr
[2011/11/21 17:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Avira
[2011/11/21 17:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/11/21 17:11:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/11/21 17:11:54 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/11/21 17:11:54 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/21 17:11:54 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/11/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/11/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/11/21 14:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/21 14:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/12/19 17:35:51 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/12/19 17:34:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/12/19 17:34:29 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 17:34:02 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/19 17:34:02 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/19 17:34:02 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/19 17:34:02 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/12/19 17:34:02 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/19 17:34:02 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/19 17:34:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/12/19 17:34:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2011/12/18 16:11:38 | 000,000,322 | ---- | M] () -- C:\WINDOWS\MATLAB.INI
[2011/12/18 15:42:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTL.exe
[2011/12/11 14:21:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/12/11 14:09:36 | 004,334,705 | R--- | M] (Swearware) -- C:\Documents and Settings\Rich\Desktop\ComboFix.exe
[2011/11/22 09:53:00 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTM.exe
[2011/11/21 21:06:42 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Rich\Desktop\esetsmartinstaller_enu.exe
[2011/11/21 20:27:23 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Shortcut to WINWORD.EXE.lnk
[2011/11/21 20:23:28 | 000,010,514 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\wklnhst.dat
[2011/11/21 18:18:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rich\Desktop\dds.scr
[2011/11/21 18:17:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\gmer.exe
[2011/11/21 17:12:18 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/20 08:53:39 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2011/11/19 19:22:45 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/12/11 14:12:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/11 14:12:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/11 14:12:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/11 14:12:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/11 14:12:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/21 20:27:23 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Shortcut to WINWORD.EXE.lnk
[2011/11/21 18:17:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\gmer.exe
[2011/11/21 17:12:18 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/08/20 21:56:07 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\CamShapes.ini
[2011/08/20 21:56:07 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\CamLayout.ini
[2011/08/20 21:56:07 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\Camdata.ini
[2011/01/23 14:05:32 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 14:05:29 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 14:05:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/02 13:48:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/11 16:25:02 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/11 16:25:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/31 17:30:28 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/11/15 19:44:13 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/15 18:52:48 | 000,032,192 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\Schedule8.dat
[2009/09/06 14:16:32 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\PnkBstrK.sys
[2009/09/06 14:16:32 | 000,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/06 14:16:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/08/09 08:17:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/04 16:42:02 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/01/12 19:39:50 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/09/20 15:30:05 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008/09/20 15:30:05 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/08/16 14:26:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/16 14:26:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/02 18:30:22 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/07/01 20:46:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/12/28 15:03:35 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2007/12/28 15:03:35 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2007/11/06 20:30:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/10 18:47:58 | 000,214,504 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/10/10 18:47:52 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/04/20 16:15:10 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2007/04/20 12:57:29 | 000,046,873 | ---- | C] () -- C:\WINDOWS\System32\unhttp.exe
[2007/04/02 17:23:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/04/02 15:14:18 | 000,000,037 | -H-- | C] () -- C:\Documents and Settings\Rich\Application Data\Web Dumper registration.ini
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/02/11 11:40:02 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/02/11 11:16:32 | 000,000,322 | ---- | C] () -- C:\WINDOWS\MATLAB.INI
[2006/09/21 18:40:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\SlantFin.ini
[2006/07/08 23:59:18 | 000,000,850 | ---- | C] () -- C:\WINDOWS\dispatch.ini
[2006/05/22 19:55:55 | 000,119,165 | ---- | C] () -- C:\WINDOWS\cleanup.exe
[2006/05/22 19:54:31 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\xcacls.exe
[2006/04/09 19:33:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/22 23:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/09/05 14:25:53 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2005/09/05 14:25:53 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2005/09/05 14:25:53 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2005/09/05 14:25:53 | 000,001,233 | ---- | C] () -- C:\WINDOWS\Sdcache.ini
[2005/09/05 14:25:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005/09/05 14:25:45 | 000,002,974 | ---- | C] () -- C:\WINDOWS\System32\SDUSBPDR.INI
[2005/08/12 16:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 21:43:50 | 000,000,645 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2005/08/05 21:43:50 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2005/08/05 20:20:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\fusioncache.dat
[2005/08/01 19:50:48 | 000,002,234 | ---- | C] () -- C:\WINDOWS\Opera.INI
[2005/07/24 11:52:38 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2005/06/23 17:04:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/25 10:52:46 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2005/03/25 10:52:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2005/03/25 10:45:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2005/03/25 10:45:44 | 000,050,364 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005/01/07 13:15:56 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/02 14:37:54 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/10/25 20:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/10/25 20:29:18 | 000,005,100 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/09/26 18:39:51 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/25 14:36:18 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\mpauth.dat
[2004/09/18 06:56:47 | 000,000,557 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/09/16 16:28:15 | 000,010,514 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\wklnhst.dat
[2004/09/15 20:33:10 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/12 12:55:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/12 12:52:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/09/12 12:47:40 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2004/09/12 12:47:40 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2004/09/12 12:46:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/12 12:44:56 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/12 12:41:26 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/09/12 12:41:26 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/09/12 12:41:09 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/09/12 12:41:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/09/12 12:41:08 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/09/12 12:41:08 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/09/12 12:41:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/09/12 12:41:08 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2004/09/12 12:41:08 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2004/09/12 12:41:08 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/09/12 12:41:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/09/12 12:41:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/09/12 12:41:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/09/12 12:41:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/09/12 12:41:06 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2004/09/12 12:41:04 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2004/09/12 12:40:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/09/12 12:32:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/09/12 12:30:30 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/09/12 12:30:30 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/09/12 12:12:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/19 16:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/21 01:30:02 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
[2004/05/11 10:03:20 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 10:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/30 07:02:45 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2011/08/04 16:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/11/26 10:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/04/04 16:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/09/14 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2005/01/04 14:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\alta
[2008/08/16 14:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\AVSMedia
[2010/07/01 20:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\CheckPoint
[2008/01/20 21:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\DMCache
[2007/04/15 15:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\GetRightToGo
[2009/11/08 13:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\GrabPro
[2007/04/17 17:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Ideazon
[2007/04/01 13:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\iGetter
[2004/09/22 19:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Leadertech
[2007/04/01 13:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Maxprog
[2009/11/22 19:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Moyea
[2010/12/31 08:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Notepad++
[2007/04/04 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\NOVOSIB Software
[2011/10/26 20:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Orbit
[2005/03/25 10:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\pdf995
[2009/09/05 14:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Skinux
[2010/07/17 12:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\SystemRequirementsLab

========== Purity Check ==========



< End of report >
 
Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
=====================================
Have you checked all your network settings? The failure to connect is all that's left, is it not? "Acquiring Network Address" sounds like a settings problem and/or an ISP problem.
 
Bobbye - Inability to connect to the network is the current problem.

The problem seems to be related to the process Afd not starting. Not sure if we should close this thread and open a new one in another forum to address the network issue.

Since I can connect using the other boot drive, I am confident this is not a hardware issue.

I would appreciate any advice on how to proceed.

Thanks!
 