also @ TechSpot: Sony releases PS4 teaser video on eve of Xbox 720 reveal

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Google redirect is back

Discussion in 'Virus and Malware Removal' started by Shambo9, May 26, 2011.

Page 4 of 7

Broni Malware Annihilator Posts: 39,312 +175

Delete your Combofix file, download fresh one.
Do NOT run it yet.

Re-run RogueKiller and this time, when prompted, type 2.

Try running Combofix now.

Broni, Jun 21, 2011

#61
Shambo9 Newcomer, in training Posts: 113

RogueKiller V5.2.3 [06/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: thomas [Admin rights]
Mode: Remove -- Date : 06/21/2011 21:29:37

Bad processes: 2
[SUSP PATH] dxgi32.exe -- c:\programdata\dxgi32.exe -> KILLED
[RESIDUE] dxgi32.exe -- c:\programdata\dxgi32.exe -> KILLED

Registry Entries: 5
[SUSP PATH] RNUpgradeHelperResumePrompt_thomas.job : c:\users\thomas\appdata\roaming\real\update\upgradehelper\realplayer\8.01\rnupgagent.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[APPINIT_DLL] HKLM\[...]\Windows : AppInit_DLLs (C:\ProgramData\ASLOC32.dll) -> REPLACED : ()

HOSTS File:

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Shambo9, Jun 21, 2011

#62
Shambo9 Newcomer, in training Posts: 113

Same result D:

Shambo9, Jun 21, 2011

#63
Broni Malware Annihilator Posts: 39,312 +175
Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Broni, Jun 21, 2011

#64
Shambo9 Newcomer, in training Posts: 113

2011/06/21 21:59:07.0314 4924 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/21 21:59:07.0794 4924 ================================================================================
2011/06/21 21:59:07.0794 4924 SystemInfo:
2011/06/21 21:59:07.0794 4924
2011/06/21 21:59:07.0795 4924 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/21 21:59:07.0795 4924 Product type: Workstation
2011/06/21 21:59:07.0795 4924 ComputerName: THOMAS-PC
2011/06/21 21:59:07.0796 4924 UserName: thomas
2011/06/21 21:59:07.0796 4924 Windows directory: C:\Windows
2011/06/21 21:59:07.0796 4924 System windows directory: C:\Windows
2011/06/21 21:59:07.0796 4924 Processor architecture: Intel x86
2011/06/21 21:59:07.0796 4924 Number of processors: 2
2011/06/21 21:59:07.0796 4924 Page size: 0x1000
2011/06/21 21:59:07.0797 4924 Boot type: Normal boot
2011/06/21 21:59:07.0797 4924 ================================================================================
2011/06/21 21:59:09.0051 4924 Initialize success
2011/06/21 21:59:10.0748 3120 ================================================================================
2011/06/21 21:59:10.0748 3120 Scan started
2011/06/21 21:59:10.0748 3120 Mode: Manual;
2011/06/21 21:59:10.0748 3120 ================================================================================
2011/06/21 21:59:12.0891 3120 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/21 21:59:13.0002 3120 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/21 21:59:13.0095 3120 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/21 21:59:13.0213 3120 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/21 21:59:13.0315 3120 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/21 21:59:13.0419 3120 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/06/21 21:59:13.0593 3120 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/06/21 21:59:13.0711 3120 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/21 21:59:13.0771 3120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/21 21:59:13.0855 3120 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/21 21:59:13.0918 3120 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/21 21:59:14.0123 3120 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/21 21:59:14.0329 3120 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/21 21:59:14.0433 3120 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/21 21:59:14.0851 3120 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
2011/06/21 21:59:14.0882 3120 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
2011/06/21 21:59:14.0969 3120 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/21 21:59:15.0021 3120 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/21 21:59:15.0113 3120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/21 21:59:15.0219 3120 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/06/21 21:59:15.0324 3120 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
2011/06/21 21:59:15.0599 3120 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/21 21:59:15.0817 3120 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/21 21:59:15.0935 3120 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/21 21:59:16.0000 3120 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/21 21:59:16.0136 3120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/21 21:59:16.0242 3120 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/21 21:59:16.0355 3120 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/21 21:59:16.0454 3120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/21 21:59:16.0496 3120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/21 21:59:16.0562 3120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/21 21:59:16.0611 3120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/21 21:59:16.0661 3120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/21 21:59:16.0786 3120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/21 21:59:16.0858 3120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/21 21:59:17.0287 3120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/21 21:59:17.0369 3120 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/21 21:59:17.0595 3120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/21 21:59:17.0844 3120 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/21 21:59:18.0058 3120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/21 21:59:18.0142 3120 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/21 21:59:18.0237 3120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/21 21:59:18.0408 3120 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/21 21:59:18.0530 3120 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/21 21:59:18.0813 3120 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/06/21 21:59:19.0266 3120 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/21 21:59:19.0513 3120 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/21 21:59:19.0764 3120 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/21 21:59:20.0092 3120 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/21 21:59:20.0201 3120 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/21 21:59:20.0432 3120 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/21 21:59:20.0629 3120 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/21 21:59:20.0786 3120 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/21 21:59:20.0926 3120 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/21 21:59:21.0007 3120 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/21 21:59:21.0088 3120 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/21 21:59:21.0140 3120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/21 21:59:21.0258 3120 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/21 21:59:21.0325 3120 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/21 21:59:21.0396 3120 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/21 21:59:21.0461 3120 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/06/21 21:59:21.0512 3120 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/21 21:59:21.0645 3120 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/21 21:59:21.0762 3120 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/06/21 21:59:21.0901 3120 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/21 21:59:22.0009 3120 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/21 21:59:22.0063 3120 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/21 21:59:22.0160 3120 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/21 21:59:22.0257 3120 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/21 21:59:22.0411 3120 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/21 21:59:22.0543 3120 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/21 21:59:22.0735 3120 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/21 21:59:22.0946 3120 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/21 21:59:23.0121 3120 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/21 21:59:23.0257 3120 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/21 21:59:23.0489 3120 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/21 21:59:23.0654 3120 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/21 21:59:23.0747 3120 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/21 21:59:23.0835 3120 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/21 21:59:23.0972 3120 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/21 21:59:24.0091 3120 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/21 21:59:24.0174 3120 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/21 21:59:24.0254 3120 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/21 21:59:24.0367 3120 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/21 21:59:24.0465 3120 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/21 21:59:24.0574 3120 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/21 21:59:24.0693 3120 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
2011/06/21 21:59:24.0776 3120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/21 21:59:24.0870 3120 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/06/21 21:59:25.0062 3120 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
2011/06/21 21:59:25.0198 3120 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
2011/06/21 21:59:25.0332 3120 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/21 21:59:25.0613 3120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/21 21:59:25.0791 3120 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/21 21:59:25.0886 3120 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/21 21:59:25.0974 3120 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/21 21:59:26.0039 3120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/21 21:59:26.0141 3120 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/21 21:59:26.0252 3120 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/21 21:59:26.0336 3120 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/21 21:59:26.0565 3120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/21 21:59:26.0678 3120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/21 21:59:26.0747 3120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/21 21:59:26.0861 3120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/21 21:59:26.0902 3120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/21 21:59:27.0008 3120 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/21 21:59:27.0057 3120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/21 21:59:27.0122 3120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/21 21:59:27.0170 3120 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/21 21:59:27.0301 3120 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/21 21:59:27.0389 3120 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/21 21:59:27.0454 3120 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/21 21:59:27.0577 3120 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/06/21 21:59:27.0633 3120 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/21 21:59:27.0774 3120 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/21 21:59:28.0035 3120 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
2011/06/21 21:59:28.0174 3120 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/21 21:59:28.0216 3120 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/21 21:59:28.0305 3120 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/21 21:59:28.0380 3120 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/21 21:59:28.0461 3120 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/21 21:59:28.0526 3120 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/21 21:59:28.0629 3120 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/21 21:59:28.0728 3120 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/21 21:59:28.0944 3120 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/21 21:59:29.0080 3120 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/21 21:59:29.0219 3120 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/21 21:59:29.0325 3120 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/21 21:59:29.0439 3120 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/21 21:59:29.0511 3120 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/21 21:59:29.0566 3120 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/21 21:59:29.0837 3120 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/21 21:59:29.0923 3120 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/21 21:59:30.0026 3120 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/21 21:59:30.0135 3120 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/21 21:59:30.0258 3120 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/21 21:59:30.0323 3120 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/21 21:59:30.0376 3120 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/21 21:59:30.0442 3120 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/21 21:59:30.0568 3120 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/21 21:59:30.0760 3120 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/21 21:59:30.0951 3120 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/21 21:59:31.0024 3120 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/21 21:59:31.0079 3120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/21 21:59:31.0150 3120 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
2011/06/21 21:59:31.0246 3120 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/21 21:59:31.0332 3120 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/21 21:59:31.0411 3120 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/21 21:59:31.0792 3120 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/21 21:59:31.0867 3120 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/06/21 21:59:31.0968 3120 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/21 21:59:32.0103 3120 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/21 21:59:32.0202 3120 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/21 21:59:32.0343 3120 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/21 21:59:32.0429 3120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/21 21:59:32.0491 3120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/21 21:59:32.0618 3120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/21 21:59:32.0700 3120 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/21 21:59:32.0757 3120 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/21 21:59:32.0831 3120 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/21 21:59:32.0942 3120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/21 21:59:33.0052 3120 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/21 21:59:33.0169 3120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/21 21:59:33.0265 3120 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/21 21:59:33.0444 3120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/21 21:59:33.0557 3120 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/21 21:59:33.0617 3120 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
2011/06/21 21:59:33.0708 3120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/21 21:59:33.0880 3120 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/06/21 21:59:34.0008 3120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/21 21:59:34.0119 3120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/21 21:59:34.0179 3120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/21 21:59:34.0303 3120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/21 21:59:34.0459 3120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/21 21:59:34.0527 3120 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/21 21:59:34.0643 3120 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/21 21:59:34.0712 3120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/21 21:59:34.0839 3120 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/21 21:59:34.0973 3120 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/21 21:59:35.0052 3120 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/21 21:59:35.0180 3120 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/21 21:59:35.0321 3120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/21 21:59:35.0522 3120 spvads (32984933252f171f5ac5b79701a4d91b) C:\Windows\system32\drivers\spvads.sys
2011/06/21 21:59:35.0596 3120 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/21 21:59:35.0721 3120 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/21 21:59:35.0802 3120 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/21 21:59:35.0925 3120 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/21 21:59:36.0124 3120 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
2011/06/21 21:59:36.0261 3120 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/21 21:59:36.0371 3120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/21 21:59:36.0486 3120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/21 21:59:36.0552 3120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/21 21:59:36.0612 3120 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/21 21:59:36.0804 3120 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/06/21 21:59:36.0980 3120 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/21 21:59:37.0139 3120 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/21 21:59:37.0222 3120 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/06/21 21:59:37.0339 3120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/21 21:59:37.0416 3120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/21 21:59:37.0477 3120 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/21 21:59:37.0527 3120 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/21 21:59:37.0677 3120 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/06/21 21:59:37.0931 3120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/21 21:59:38.0067 3120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/21 21:59:38.0193 3120 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/21 21:59:38.0269 3120 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/06/21 21:59:38.0427 3120 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/21 21:59:38.0506 3120 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/21 21:59:38.0664 3120 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/21 21:59:38.0742 3120 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/21 21:59:38.0817 3120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/21 21:59:38.0909 3120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/21 21:59:38.0972 3120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/21 21:59:39.0063 3120 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/21 21:59:39.0155 3120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/21 21:59:39.0249 3120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/21 21:59:39.0321 3120 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/21 21:59:39.0405 3120 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/21 21:59:39.0482 3120 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/21 21:59:39.0543 3120 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/06/21 21:59:39.0647 3120 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/21 21:59:39.0719 3120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/21 21:59:39.0796 3120 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/21 21:59:39.0879 3120 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/06/21 21:59:39.0995 3120 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/21 21:59:40.0058 3120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/21 21:59:40.0114 3120 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/21 21:59:40.0163 3120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/21 21:59:40.0266 3120 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/21 21:59:40.0331 3120 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
2011/06/21 21:59:40.0402 3120 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/21 21:59:40.0539 3120 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/21 21:59:40.0620 3120 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/21 21:59:40.0772 3120 wacmoumonitor (026d58e9d7701f6b26b0b499f1705334) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/06/21 21:59:40.0884 3120 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/06/21 21:59:40.0944 3120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/21 21:59:41.0058 3120 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/06/21 21:59:41.0140 3120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/21 21:59:41.0170 3120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/21 21:59:41.0300 3120 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/21 21:59:41.0374 3120 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/21 21:59:41.0726 3120 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/21 21:59:41.0865 3120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/21 21:59:41.0979 3120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/21 21:59:42.0085 3120 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/06/21 21:59:42.0108 3120 ================================================================================
2011/06/21 21:59:42.0108 3120 Scan finished
2011/06/21 21:59:42.0108 3120 ================================================================================
2011/06/21 21:59:42.0172 2120 Detected object count: 0
2011/06/21 21:59:42.0172 2120 Actual detected object count: 0

Shambo9, Jun 21, 2011

#65

Broni Malware Annihilator Posts: 39,312 +175

That's clean too.

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

Broni, Jun 21, 2011

#66

Shambo9 Newcomer, in training Posts: 113

No luck! I feel like crying

Shambo9, Jun 21, 2011

#67
Broni Malware Annihilator Posts: 39,312 +175
Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
userinit.exe
explorer.exe
volsnap.sys
winlogon.exe
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Jun 21, 2011

#68
Shambo9 Newcomer, in training Posts: 113

OTL logfile created on: 6/21/2011 10:47:55 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\thomas\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 55.60% Memory free
3.74 Gb Paging File | 2.68 Gb Available in Paging File | 71.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 70.52 Gb Free Space | 30.47% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/21 22:46:50 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Downloads\OTL(1).exe
PRC - [2011/06/18 15:15:14 | 000,777,216 | ---- | M] () -- C:\Windows\System32\wlgpclnt32.exe
PRC - [2011/06/18 15:15:14 | 000,777,216 | ---- | M] () -- C:\ProgramData\dxgi32.exe
PRC - [2011/05/11 14:12:16 | 000,225,792 | ---- | M] () -- C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
PRC - [2011/05/11 14:10:41 | 000,629,848 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2011/04/28 15:16:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 11:47:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/07/13 16:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/07/13 16:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/07/13 16:26:10 | 002,533,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/07/13 16:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2008/11/26 15:40:52 | 004,751,360 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/11/25 15:18:59 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/29 10:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/06/21 22:46:50 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Downloads\OTL(1).exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMPingService)
SRV - [2011/06/18 15:15:14 | 000,777,216 | ---- | M] () [Auto | Running] -- C:\Windows\System32\wlgpclnt32.exe -- (RemoteAccess32)
SRV - [2011/04/28 15:16:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 11:47:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/15 15:52:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/13 16:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/07/13 16:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/16 11:47:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 15:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/19 16:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/08 19:34:04 | 000,048,128 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spvads.sys -- (spvads) SoundPlane Audio Device (S)
DRV - [2009/09/21 18:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/15 20:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/23 02:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/18 02:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/10 23:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 9D 9E 33 EC 43 BB 4F B4 76 12 E2 3E B7 E6 B1 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 9D 9E 33 EC 43 BB 4F B4 76 12 E2 3E B7 E6 B1 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 9D 9E 33 EC 43 BB 4F B4 76 12 E2 3E B7 E6 B1 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 9D 9E 33 EC 43 BB 4F B4 76 12 E2 3E B7 E6 B1 [binary data]

IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 9D 9E 33 EC 43 BB 4F B4 76 12 E2 3E B7 E6 B1 [binary data]
IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}: C:\Users\thomas\AppData\Local\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}\ [2011/06/03 14:41:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:04:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 20:04:43 | 000,000,000 | ---D | M]

[2011/01/18 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions
[2010/06/28 02:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/21 22:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions
[2011/06/19 11:10:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{01fbaae1-2f2b-49f0-8a1a-6c9694c75832}
[2011/01/20 14:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 18:17:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/21 22:17:31 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{a723461c-6cac-408b-89a2-fb3b37af2f6f}
[2011/06/18 18:30:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{c2406156-3439-458a-a18e-d3ec4348716c}
[2011/06/21 21:04:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{ff28c1ca-e92f-4ee8-b82d-2a4312246963}
[2011/02/18 11:11:22 | 000,002,306 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\searchplugins\wot-safe-search.xml
[2011/05/06 20:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 18:47:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/06/03 14:41:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\THOMAS\APPDATA\LOCAL\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}
[2011/05/06 20:04:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/06 20:04:38 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old

Hosts file not found
O2 - BHO: (no name) - {339E9D0F-43EC-4FBB-B476-12E23EB7E6B1} - C:\Windows\System32\ASLOC32.dll ()
O2 - BHO: (b0eaeade) - {505B5299-8530-5319-B0AA-F808DB8C6DA2} - C:\ProgramData\ASLOC32.dll (CrypKey Inc.)
O2 - BHO: (no name) - {673D3A1F-43EC-4FBB-B476-12E23EB7E6B1} - C:\Windows\System32\ASLOC32.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office10\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office10\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000..\Run: [Bamboo Dock] C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
O4 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office10\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {19F91908-F9CD-4876-9EAE-AD6F4C6BAB59} http://www.sunzio.com/global/SunFolderAx.cab (SunFolderElevator Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\ASLOC32.dll) - C:\ProgramData\ASLOC32.dll (CrypKey Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 21:33:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/21 19:47:09 | 000,000,000 | ---D | C] -- C:\Users\thomas\Desktop\RK_Quarantine
[2011/06/18 15:15:20 | 000,173,056 | ---- | C] (CrypKey Inc.) -- C:\ProgramData\ASLOC32.dll
[2011/06/06 18:41:01 | 000,000,000 | --SD | C] -- C:\broni12246b
[2011/06/06 18:40:12 | 000,000,000 | --SD | C] -- C:\broni14842b
[2011/06/05 20:50:03 | 000,000,000 | --SD | C] -- C:\yourname
[2011/06/05 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/05 19:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/03 15:18:17 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\thomas\Desktop\TDSSKiller.exe
[2011/06/03 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Local\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}
[2011/06/03 14:27:07 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\.minecraft
[2011/06/03 14:25:42 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\thomas\Desktop\Minecraft.exe
[2011/05/29 20:28:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 14:40:55 | 000,000,000 | --SD | C] -- C:\broni7004b
[2011/05/29 14:40:09 | 000,000,000 | --SD | C] -- C:\broni31613b
[2011/05/29 14:21:45 | 000,000,000 | --SD | C] -- C:\broni7795b
[2011/05/29 14:21:03 | 000,000,000 | --SD | C] -- C:\broni
[2011/05/27 22:33:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/27 22:33:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/27 22:33:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/27 22:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 23:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2009/08/01 22:30:11 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\thomas\Desktop\*.tmp files -> C:\Users\thomas\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/21 22:29:41 | 000,000,060 | ---- | M] () -- C:\ProgramData\1019bd8c
[2011/06/21 22:22:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 22:22:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 22:21:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/21 22:21:30 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 21:30:36 | 000,000,859 | ---- | M] () -- C:\Users\thomas\Desktop\ComboFix - Shortcut.lnk
[2011/06/21 19:32:05 | 000,643,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 19:32:05 | 000,119,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/18 15:15:20 | 000,173,056 | ---- | M] (CrypKey Inc.) -- C:\ProgramData\ASLOC32.dll
[2011/06/18 15:15:20 | 000,000,085 | ---- | M] () -- C:\Windows\System32\976727548
[2011/06/18 15:15:14 | 000,777,216 | ---- | M] () -- C:\Windows\System32\wlgpclnt32.exe
[2011/06/18 15:15:14 | 000,777,216 | ---- | M] () -- C:\ProgramData\dxgi32.exe
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\thomas\Desktop\TDSSKiller.exe
[2011/06/06 19:12:50 | 000,086,528 | ---- | M] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 20:17:49 | 000,001,586 | -HS- | M] () -- C:\Users\thomas\AppData\Local\734ic5kl480kc2nvg31
[2011/06/05 20:17:49 | 000,001,586 | -HS- | M] () -- C:\ProgramData\734ic5kl480kc2nvg31
[2011/06/05 19:22:36 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/03 14:45:46 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 14:42:24 | 000,000,000 | ---- | M] () -- C:\Users\thomas\AppData\Local\Wkiyeviwep.bin
[2011/06/03 14:41:51 | 000,000,120 | ---- | M] () -- C:\Users\thomas\AppData\Local\Fcoxoziyij.dat
[2011/06/03 14:25:40 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\thomas\Desktop\Minecraft.exe
[2011/05/31 19:57:59 | 000,000,909 | ---- | M] () -- C:\Users\thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\thomas\Desktop\*.tmp files -> C:\Users\thomas\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 21:30:36 | 000,000,859 | ---- | C] () -- C:\Users\thomas\Desktop\ComboFix - Shortcut.lnk
[2011/06/18 18:33:26 | 000,000,060 | ---- | C] () -- C:\ProgramData\1019bd8c
[2011/06/18 15:15:20 | 000,777,216 | ---- | C] () -- C:\ProgramData\dxgi32.exe
[2011/06/18 15:15:17 | 000,777,216 | ---- | C] () -- C:\Windows\System32\wlgpclnt32.exe
[2011/06/18 15:15:17 | 000,000,085 | ---- | C] () -- C:\Windows\System32\976727548
[2011/06/05 22:39:46 | 1876,783,104 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/05 20:17:37 | 000,001,586 | -HS- | C] () -- C:\Users\thomas\AppData\Local\734ic5kl480kc2nvg31
[2011/06/05 20:17:37 | 000,001,586 | -HS- | C] () -- C:\ProgramData\734ic5kl480kc2nvg31
[2011/06/05 19:22:36 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/03 14:45:46 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 14:42:24 | 000,000,000 | ---- | C] () -- C:\Users\thomas\AppData\Local\Wkiyeviwep.bin
[2011/06/03 14:41:49 | 000,000,120 | ---- | C] () -- C:\Users\thomas\AppData\Local\Fcoxoziyij.dat
[2011/05/27 22:33:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/27 22:33:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/27 22:33:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/27 22:33:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/27 22:33:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/27 06:47:30 | 000,000,909 | ---- | C] () -- C:\Users\thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/29 18:53:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/03/27 16:31:05 | 000,108,032 | ---- | C] () -- C:\Windows\System32\OpenAL32.dll
[2010/11/19 06:01:06 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2010/11/19 06:01:00 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/19 06:01:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/14 03:32:54 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/09/16 00:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/08/23 18:35:42 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll
[2010/08/23 18:35:42 | 000,109,568 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll
[2010/07/30 21:46:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/07/30 21:46:23 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/11/17 01:59:11 | 000,000,218 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/27 16:45:16 | 000,001,356 | ---- | C] () -- C:\Users\thomas\AppData\Local\d3d9caps.dat
[2009/03/13 21:20:18 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/03/13 19:45:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009/01/30 18:16:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/18 16:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/31 19:25:05 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2008/08/29 14:54:44 | 000,086,528 | ---- | C] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 19:18:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/23 19:18:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/23 18:23:51 | 000,000,014 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/08/23 18:23:50 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/07/27 00:48:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/07/27 00:42:39 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/07/27 00:42:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/07/27 00:42:39 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/07/27 00:42:39 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/05/05 13:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/05 04:49:37 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/05/05 04:49:37 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/04/23 00:05:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/22 23:35:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/06 12:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/04 21:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/19 23:11:06 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MD5.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,411,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,643,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,119,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/03 14:27:31 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\.minecraft
[2009/03/03 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\acccore
[2009/01/14 07:47:47 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Aim
[2009/11/19 23:42:47 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Blitware
[2010/11/15 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/15 18:23:26 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\com.adobe.ExMan
[2008/08/31 03:53:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DNA
[2011/02/27 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DVDVideoSoft
[2010/04/25 01:40:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/09 22:57:22 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Easeware
[2010/12/18 10:39:17 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\GetRightToGo
[2009/08/01 03:35:48 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ijjigame
[2009/04/01 21:21:10 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\iLike
[2009/11/19 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\kgvisa
[2011/01/05 07:30:46 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\LimeWire
[2008/10/06 00:18:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Memeo
[2008/11/30 21:48:08 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\OpenOffice.org
[2010/11/14 19:16:18 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\openspaceeditor.ECF9BB42B082DAD413B595721BDA1F54CBEDF132.1
[2009/03/11 13:08:34 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Publish Providers
[2010/11/08 03:24:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Replay Media Catcher 4
[2008/12/23 01:58:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ScummVM
[2009/11/15 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SmartPCTools
[2009/11/11 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Sony
[2009/03/13 21:21:39 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SQLyog
[2009/03/17 01:49:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Thinstall
[2009/03/03 13:17:17 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\TOSHIBA
[2011/06/21 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\uTorrent
[2011/01/06 16:12:13 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Wacom
[2011/01/06 16:12:29 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2009/09/17 11:48:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WildTangent
[2008/09/03 09:10:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WinBatch
[2008/10/08 08:34:28 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\XemiComputers
[2010/11/19 05:59:00 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Xilisoft Corporation
[2011/06/21 22:17:11 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/03/18 13:10:36 | 000,000,000 | ---- | M] () -- C:\(null)
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/05/05 04:49:23 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/02/09 22:10:09 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/06/21 22:21:30 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/03 20:46:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/14 13:09:44 | 000,001,098 | -H-- | M] () -- C:\IPH.PH
[2011/03/25 11:29:46 | 000,103,713 | ---- | M] () -- C:\JavaRa.log
[2008/10/03 20:46:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/21 22:21:27 | 2190,577,664 | -HS- | M] () -- C:\pagefile.sys
[2011/06/05 20:47:13 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2011/06/03 15:20:19 | 000,063,742 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_03.06.2011_15.18.23_log.txt
[2011/06/03 15:28:19 | 000,062,758 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_03.06.2011_15.27.03_log.txt
[2011/06/05 21:18:36 | 000,063,274 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_05.06.2011_21.17.12_log.txt
[2011/06/07 00:58:08 | 000,063,014 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_07.06.2011_00.51.41_log.txt
[2011/06/18 18:17:31 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_18.06.2011_18.17.27_log.txt
[2011/05/27 06:45:03 | 000,063,486 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_27.05.2011_06.43.53_log.txt
[2011/06/18 18:20:07 | 000,063,014 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_18.06.2011_18.19.20_log.txt
[2011/06/21 19:19:08 | 000,063,014 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_21.06.2011_19.14.21_log.txt
[2011/06/21 22:02:18 | 000,063,014 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_21.06.2011_21.59.07_log.txt
[2005/01/25 09:52:28 | 001,089,264 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB893048-x86-ENU.exe
[2005/01/25 09:50:54 | 000,929,520 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB893048-x86-Symbols-ENU.exe

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

Shambo9, Jun 22, 2011

#69
Shambo9 Newcomer, in training Posts: 113

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/05/05 04:49:12 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/05/05 04:49:07 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/05/05 04:49:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/05/05 04:49:18 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/05/05 04:49:20 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/31 19:57:59 | 000,000,286 | -HS- | M] () -- C:\Users\thomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/06/03 14:25:40 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\thomas\Desktop\Minecraft.exe
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\thomas\Desktop\TDSSKiller.exe
[1 C:\Users\thomas\Desktop\*.tmp files -> C:\Users\thomas\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2008/07/26 23:53:08 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2008/07/26 23:52:38 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/23 18:24:07 | 000,000,402 | -HS- | M] () -- C:\Users\thomas\Favorites\desktop.ini
[2009/02/25 11:11:08 | 000,000,452 | ---- | M] () -- C:\Users\thomas\Favorites\NCH Audio and Telephony Software.lnk
[2009/03/10 15:28:52 | 000,000,508 | ---- | M] () -- C:\Users\thomas\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/06/21 22:29:41 | 000,000,060 | ---- | M] () -- C:\ProgramData\1019bd8c
[2011/06/05 20:17:49 | 000,001,586 | -HS- | M] () -- C:\ProgramData\734ic5kl480kc2nvg31
[2011/06/18 15:15:20 | 000,173,056 | ---- | M] (CrypKey Inc.) -- C:\ProgramData\ASLOC32.dll
[2011/06/18 15:15:14 | 000,777,216 | ---- | M] () -- C:\ProgramData\dxgi32.exe
[2008/04/30 21:28:08 | 001,654,869 | ---- | M] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/24 22:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008/03/24 22:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008/03/25 22:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008/03/25 22:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 01:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\drivers\KR10N.sys
[2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_c681c175\KR10N.sys
[2005/09/27 03:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 21:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/20 21:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 21:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

There is no Extras.txt

Shambo9, Jun 22, 2011

#70

Broni Malware Annihilator Posts: 39,312 +175

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
PRC - [2011/06/18 15:15:14 | 000,777,216 | ---- | M] () -- C:\Windows\System32\wlgpclnt32.exe
PRC - [2011/06/18 15:15:14 | 000,777,216 | ---- | M] () -- C:\ProgramData\dxgi32.exe
SRV - [2011/06/18 15:15:14 | 000,777,216 | ---- | M] () [Auto | Running] -- C:\Windows\System32\wlgpclnt32.exe -- (RemoteAccess32)
O2 - BHO: (no name) - {339E9D0F-43EC-4FBB-B476-12E23EB7E6B1} - C:\Windows\System32\ASLOC32.dll ()
O2 - BHO: (b0eaeade) - {505B5299-8530-5319-B0AA-F808DB8C6DA2} - C:\ProgramData\ASLOC32.dll (CrypKey Inc.)
O2 - BHO: (no name) - {673D3A1F-43EC-4FBB-B476-12E23EB7E6B1} - C:\Windows\System32\ASLOC32.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\thomas\Desktop\*.tmp files -> C:\Users\thomas\Desktop\*.tmp -> ]
[2011/06/21 22:29:41 | 000,000,060 | ---- | M] () -- C:\ProgramData\1019bd8c
[2011/06/18 15:15:20 | 000,173,056 | ---- | C] (CrypKey Inc.) -- C:\ProgramData\ASLOC32.dll
[2011/06/18 15:15:20 | 000,000,085 | ---- | M] () -- C:\Windows\System32\976727548
[2011/06/05 20:17:49 | 000,001,586 | -HS- | M] () -- C:\Users\thomas\AppData\Local\734ic5kl480kc2nvg31
[2011/06/05 20:17:49 | 000,001,586 | -HS- | M] () -- C:\ProgramData\734ic5kl480kc2nvg31
[2011/06/03 14:42:24 | 000,000,000 | ---- | M] () -- C:\Users\thomas\AppData\Local\Wkiyeviwep.bin
[2011/06/03 14:41:51 | 000,000,120 | ---- | M] () -- C:\Users\thomas\AppData\Local\Fcoxoziyij.dat


:Services

:Reg

:Files
C:\Windows\System32\wlgpclnt32.exe
C:\ProgramData\dxgi32.exe
C:\Windows\System32\ASLOC32.dll 


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

Broni, Jun 22, 2011

#71

Shambo9 Newcomer, in training Posts: 113

All processes killed
========== OTL ==========
Process wlgpclnt32.exe killed successfully!
Process dxgi32.exe killed successfully!
Service RemoteAccess32 stopped successfully!
Service RemoteAccess32 deleted successfully!
C:\Windows\System32\wlgpclnt32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{339E9D0F-43EC-4FBB-B476-12E23EB7E6B1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{339E9D0F-43EC-4FBB-B476-12E23EB7E6B1}\ deleted successfully.
C:\Windows\System32\ASLOC32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{505B5299-8530-5319-B0AA-F808DB8C6DA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{505B5299-8530-5319-B0AA-F808DB8C6DA2}\ deleted successfully.
C:\ProgramData\ASLOC32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{673D3A1F-43EC-4FBB-B476-12E23EB7E6B1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{673D3A1F-43EC-4FBB-B476-12E23EB7E6B1}\ deleted successfully.
File C:\Windows\System32\ASLOC32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
C:\Windows\System32\mabkmwsdwr.tmp deleted successfully.
C:\Users\thomas\Desktop\mabkmwsdwr.tmp deleted successfully.
C:\ProgramData\1019bd8c moved successfully.
File C:\ProgramData\ASLOC32.dll not found.
C:\Windows\System32\976727548 moved successfully.
C:\Users\thomas\AppData\Local\734ic5kl480kc2nvg31 moved successfully.
C:\ProgramData\734ic5kl480kc2nvg31 moved successfully.
C:\Users\thomas\AppData\Local\Wkiyeviwep.bin moved successfully.
C:\Users\thomas\AppData\Local\Fcoxoziyij.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\System32\wlgpclnt32.exe not found.
C:\ProgramData\dxgi32.exe moved successfully.
File\Folder C:\Windows\System32\ASLOC32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: thomas
->Temp folder emptied: 3740894 bytes
->Temporary Internet Files folder emptied: 22816410 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 525096057 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 67643 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11286282 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2205 bytes

Total Files Cleaned = 537.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: thomas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 06222011_191604

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Shambo9, Jun 22, 2011

#72
Shambo9 Newcomer, in training Posts: 113

OTL logfile created on: 6/22/2011 7:28:55 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = c:\Users\thomas\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 49.08% Memory free
3.74 Gb Paging File | 2.68 Gb Available in Paging File | 71.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 69.89 Gb Free Space | 30.20% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 19:25:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\thomas\Downloads\OTL.exe
PRC - [2011/05/11 14:12:16 | 000,225,792 | ---- | M] () -- C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
PRC - [2011/05/11 14:10:41 | 000,629,848 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2011/05/06 20:04:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/28 15:16:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 11:47:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/13 16:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/07/13 16:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/07/13 16:26:10 | 002,533,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/07/13 16:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2008/11/26 15:40:52 | 004,751,360 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/11/25 15:18:59 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/29 10:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/05/29 19:25:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\thomas\Downloads\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMPingService)
SRV - [2011/04/28 15:16:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 11:47:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/15 15:52:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/13 16:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/07/13 16:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/08/24 07:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/16 11:47:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 15:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/19 16:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/08 19:34:04 | 000,048,128 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spvads.sys -- (spvads) SoundPlane Audio Device (S)
DRV - [2009/09/21 18:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/15 20:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/23 02:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/18 02:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/10 23:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 9D 9E 33 EC 43 BB 4F B4 76 12 E2 3E B7 E6 B1 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}: C:\Users\thomas\AppData\Local\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}\ [2011/06/03 14:41:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:04:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 20:04:43 | 000,000,000 | ---D | M]

[2011/01/18 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions
[2010/06/28 02:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/21 22:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions
[2011/06/19 11:10:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{01fbaae1-2f2b-49f0-8a1a-6c9694c75832}
[2011/01/20 14:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 18:17:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/21 23:36:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{a723461c-6cac-408b-89a2-fb3b37af2f6f}
[2011/06/18 18:30:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{c2406156-3439-458a-a18e-d3ec4348716c}
[2011/06/21 21:04:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{ff28c1ca-e92f-4ee8-b82d-2a4312246963}
[2011/02/18 11:11:22 | 000,002,306 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\searchplugins\wot-safe-search.xml
[2011/05/06 20:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 18:47:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/06/03 14:41:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\THOMAS\APPDATA\LOCAL\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}
[2011/05/06 20:04:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/06 20:04:38 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old

Hosts file not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office10\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office10\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Bamboo Dock] C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office10\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {19F91908-F9CD-4876-9EAE-AD6F4C6BAB59} http://www.sunzio.com/global/SunFolderAx.cab (SunFolderElevator Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\ProgramData\ASLOC32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 21:33:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/21 19:47:09 | 000,000,000 | ---D | C] -- C:\Users\thomas\Desktop\RK_Quarantine
[2011/06/06 18:41:01 | 000,000,000 | --SD | C] -- C:\broni12246b
[2011/06/06 18:40:12 | 000,000,000 | --SD | C] -- C:\broni14842b
[2011/06/05 20:50:03 | 000,000,000 | --SD | C] -- C:\yourname
[2011/06/05 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/05 19:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/03 15:18:17 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\thomas\Desktop\TDSSKiller.exe
[2011/06/03 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Local\{6C4A73DE-8373-4FB7-A232-E7AF808DC258}
[2011/06/03 14:27:07 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\.minecraft
[2011/06/03 14:25:42 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\thomas\Desktop\Minecraft.exe
[2011/05/29 20:28:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 14:40:55 | 000,000,000 | --SD | C] -- C:\broni7004b
[2011/05/29 14:40:09 | 000,000,000 | --SD | C] -- C:\broni31613b
[2011/05/29 14:21:45 | 000,000,000 | --SD | C] -- C:\broni7795b
[2011/05/29 14:21:03 | 000,000,000 | --SD | C] -- C:\broni
[2011/05/27 22:33:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/27 22:33:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/27 22:33:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/27 22:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 23:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2009/08/01 22:30:11 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

========== Files - Modified Within 30 Days ==========

[2011/06/22 19:23:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:23:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:23:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/22 19:23:37 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 21:30:36 | 000,000,859 | ---- | M] () -- C:\Users\thomas\Desktop\ComboFix - Shortcut.lnk
[2011/06/21 19:32:05 | 000,643,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 19:32:05 | 000,119,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\thomas\Desktop\TDSSKiller.exe
[2011/06/06 19:12:50 | 000,086,528 | ---- | M] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 19:22:36 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/03 14:45:46 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 14:25:40 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\thomas\Desktop\Minecraft.exe
[2011/05/31 19:57:59 | 000,000,909 | ---- | M] () -- C:\Users\thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/21 21:30:36 | 000,000,859 | ---- | C] () -- C:\Users\thomas\Desktop\ComboFix - Shortcut.lnk
[2011/06/05 22:39:46 | 1876,783,104 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/05 19:22:36 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/03 14:45:46 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 22:33:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/27 22:33:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/27 22:33:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/27 22:33:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/27 22:33:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/27 06:47:30 | 000,000,909 | ---- | C] () -- C:\Users\thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/29 18:53:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/03/27 16:31:05 | 000,108,032 | ---- | C] () -- C:\Windows\System32\OpenAL32.dll
[2010/11/19 06:01:06 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2010/11/19 06:01:00 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/19 06:01:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/14 03:32:54 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/09/16 00:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/08/23 18:35:42 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll
[2010/08/23 18:35:42 | 000,109,568 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll
[2010/07/30 21:46:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/07/30 21:46:23 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/11/17 01:59:11 | 000,000,218 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/27 16:45:16 | 000,001,356 | ---- | C] () -- C:\Users\thomas\AppData\Local\d3d9caps.dat
[2009/03/13 21:20:18 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/03/13 19:45:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009/01/30 18:16:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/18 16:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/31 19:25:05 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2008/08/29 14:54:44 | 000,086,528 | ---- | C] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 19:18:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/23 19:18:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/23 18:23:51 | 000,000,014 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/08/23 18:23:50 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/07/27 00:48:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/07/27 00:42:39 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/07/27 00:42:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/07/27 00:42:39 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/07/27 00:42:39 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/05/05 13:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/05 04:49:37 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/05/05 04:49:37 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/04/23 00:05:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/22 23:35:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/06 12:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/04 21:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/19 23:11:06 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MD5.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,411,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,643,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,119,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/03 14:27:31 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\.minecraft
[2009/03/03 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\acccore
[2009/01/14 07:47:47 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Aim
[2009/11/19 23:42:47 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Blitware
[2010/11/15 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/15 18:23:26 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\com.adobe.ExMan
[2008/08/31 03:53:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DNA
[2011/02/27 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DVDVideoSoft
[2010/04/25 01:40:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/09 22:57:22 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Easeware
[2010/12/18 10:39:17 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\GetRightToGo
[2009/08/01 03:35:48 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ijjigame
[2009/04/01 21:21:10 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\iLike
[2009/11/19 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\kgvisa
[2011/01/05 07:30:46 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\LimeWire
[2008/10/06 00:18:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Memeo
[2008/11/30 21:48:08 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\OpenOffice.org
[2010/11/14 19:16:18 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\openspaceeditor.ECF9BB42B082DAD413B595721BDA1F54CBEDF132.1
[2009/03/11 13:08:34 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Publish Providers
[2010/11/08 03:24:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Replay Media Catcher 4
[2008/12/23 01:58:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ScummVM
[2009/11/15 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SmartPCTools
[2009/11/11 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Sony
[2009/03/13 21:21:39 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SQLyog
[2009/03/17 01:49:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Thinstall
[2009/03/03 13:17:17 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\TOSHIBA
[2011/06/22 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\uTorrent
[2011/01/06 16:12:13 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Wacom
[2011/01/06 16:12:29 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2009/09/17 11:48:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WildTangent
[2008/09/03 09:10:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WinBatch
[2008/10/08 08:34:28 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\XemiComputers
[2010/11/19 05:59:00 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Xilisoft Corporation
[2011/06/22 19:22:38 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Shambo9, Jun 22, 2011

#73
Broni Malware Annihilator Posts: 39,312 +175

How is redirection now?

Broni, Jun 22, 2011

#74
Shambo9 Newcomer, in training Posts: 113

Still happening

Shambo9, Jun 23, 2011

#75
Broni Malware Annihilator Posts: 39,312 +175

Let's try resetting router one more time...

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

Broni, Jun 23, 2011

#76
Shambo9 Newcomer, in training Posts: 113

Tried the first command prompt, got "the requested operation requires elevation".

I suspect I somehow got my administrator status taken since Combofix said something similar to this effect and OTL required a doublecheck prompt before I let it run.

Shambo9, Jun 23, 2011

#77
Broni Malware Annihilator Posts: 39,312 +175

You're not reading carefully:

in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter

Broni, Jun 23, 2011

#78
Shambo9 Newcomer, in training Posts: 113

I did that. It didn't help

Shambo9, Jun 23, 2011

#79
Broni Malware Annihilator Posts: 39,312 +175
Please click HERE to download Kaspersky Virus Removal Tool.

Double click on the file you just downloaded and let it install.

It will install to your desktop.

After that leave what is selected and put a check next to My Computer.

Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.

Then click on Start Scan.

Before it is done it may prompt for action regardless of the setting so choose delete if prompted.

When the scan is done no log will be produced.

Click on the bottom where it says Report to open the report.

Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.

This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.

You can save this on the desktop.

Post the contents of the document in your next reply.
Broni, Jun 23, 2011

#80

Page 4 of 7

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.