Google redirecting and iexplore.exe running, random IE popups

Solved
By rukino
Jun 26, 2011
Topic Status:
Not open for further replies.
  1. Hello, here are the mbam, GMER and DDS logs as requested in the 7-step removal thread.

    There have been two iexplore.exe processes running in the background, and google is redirecting me whenever I try to click on links. Sometimes random IE windows pop up too.

    Thanks for your help.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6956

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    6/26/2011 8:37:09 PM
    mbam-log-2011-06-26 (20-37-09).txt

    Scan type: Quick scan
    Objects scanned: 162236
    Time elapsed: 4 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-26 20:40:16
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
    Running: uvvpb1qu.exe; Driver: C:\Users\Rukan\AppData\Local\Temp\fwtcqpoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\tdx \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\tdx \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\tdx \Device\Udp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\tdx \Device\RawIp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:272] 864F2E7A
    Thread System [4:276] 864F5008

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000
    Run by Rukan at 20:41:08 on 2011-06-26
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1594 [GMT -4:00]
    .
    AV: Doctor Web Anti-Virus *Enabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Doctor Web Anti-Virus *Enabled/Updated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\SMINST\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
    C:\windows\SMINST\Components\scheduler\STService.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\WINDOWS\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DrWeb\spiderml.exe
    C:\Program Files\DrWeb\spidergate.exe
    C:\Program Files\DrWeb\spideragent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Dell Remote Access\ezi_ra.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: FCToolbarURLSearchHook Class: {edc8d02a-7ae5-1094-ddc0-16d2381944d0} - c:\program files\socialribbons lp 1\Helper.dll
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SocialRibbons LP 1: {2f3d5040-d8e1-f5b4-150e-f532a5f23615} - c:\program files\socialribbons lp 1\Toolbar.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {C5BA4085-A224-412A-B91F-08543F6212EC} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe" -autorun
    mRun: [SpIDerGate] "c:\program files\drweb\spidergate.exe" -autorun
    mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
    mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
    mRunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
    StartupFolder: c:\users\rukan\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\drweb\drwebsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{6E10441E-E40F-4420-B00E-0421FD555782} : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\rukan\appdata\roaming\mozilla\firefox\profiles\jk9b0yby.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-6-26 139768]
    R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-6-26 93944]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-6 81920]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2011-5-4 1667416]
    R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-6-6 632048]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-6 144128]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-6-6 144672]
    R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-6-6 269216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-20 136176]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-06-26 13:22:44 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
    2011-06-26 13:22:10 93944 ----a-w- c:\windows\system32\drivers\spiderg3.sys
    2011-06-26 13:21:17 -------- d-----w- c:\programdata\Doctor Web
    2011-06-26 13:21:16 -------- d-----w- c:\program files\DrWeb
    2011-06-26 13:21:16 -------- d-----w- c:\program files\common files\Doctor Web
    2011-06-26 13:17:48 -------- d-----w- c:\users\rukan\appdata\local\Downloaded Installations
    2011-06-26 04:15:56 -------- d-----w- c:\users\rukan\DoctorWeb
    2011-06-25 16:37:09 -------- d-----w- c:\program files\CCleaner
    2011-06-25 16:35:00 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-06-25 16:19:34 -------- d-----w- c:\windows\system32\Profiles
    2011-06-25 15:37:28 -------- d--h--w- C:\$AVG
    2011-06-25 05:53:31 -------- d-----w- c:\users\rukan\appdata\roaming\AVG10
    2011-06-25 05:50:09 -------- d--h--w- c:\programdata\Common Files
    2011-06-25 05:47:02 -------- d-----w- c:\programdata\AVG10
    2011-06-25 05:44:35 -------- d-----w- c:\program files\AVG
    2011-06-25 05:34:31 -------- d-----w- c:\programdata\MFAData
    2011-06-24 05:44:12 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c625cb73-1364-431e-9975-14b0a0be8e07}\mpengine.dll
    2011-06-24 02:25:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-24 02:25:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-22 18:43:39 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-06-22 18:43:39 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-06-22 07:02:21 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-06-22 07:02:21 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-06-22 07:02:21 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-06-22 07:02:21 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-06-22 07:02:21 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-06-22 02:16:16 -------- d-----w- c:\program files\SocialRibbons LP 1
    2011-06-22 02:16:16 -------- d-----w- c:\program files\common files\FreeCause
    2011-06-22 02:16:09 -------- d--h--w- c:\programdata\Tarma Installer
    2011-06-22 02:15:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-06-22 02:15:55 -------- d--h--w- c:\users\rukan\appdata\local\Conduit
    2011-06-21 22:33:34 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-06-21 22:33:34 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-06-21 22:33:32 378368 ----a-w- c:\windows\system32\winhttp.dll
    2011-06-21 20:33:02 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2011-06-21 20:33:02 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2011-06-21 20:31:33 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2011-06-21 20:31:31 252536 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2011-06-21 14:58:05 -------- d--h--w- c:\users\rukan\appdata\roaming\Jasc
    2011-06-21 14:01:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-06-21 14:01:37 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-06-21 07:29:47 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-06-21 07:29:47 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-06-21 07:29:47 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-06-21 07:29:45 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-06-21 07:29:45 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-06-21 07:10:06 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2011-06-21 07:10:06 622080 ----a-w- c:\windows\system32\icardagt.exe
    2011-06-21 07:10:06 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-06-21 07:10:06 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-06-21 07:10:06 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-06-21 07:10:05 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-06-21 07:06:28 158720 ----a-w- c:\windows\system32\mscorier.dll
    2011-06-21 07:06:26 83968 ----a-w- c:\windows\system32\mscories.dll
    2011-06-21 07:05:08 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2011-06-21 07:05:08 31232 ----a-w- c:\windows\system32\httpapi.dll
    2011-06-21 07:05:08 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2011-06-21 07:04:15 231936 ----a-w- c:\windows\system32\msshsq.dll
    2011-06-20 23:11:50 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-06-20 23:11:43 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-06-20 22:25:29 -------- d-----w- c:\program files\uTorrent
    2011-06-20 22:25:00 -------- d--h--w- c:\users\rukan\appdata\roaming\uTorrent
    2011-06-20 21:52:14 -------- d--h--w- c:\programdata\Blumentals
    2011-06-20 21:50:44 236159 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_8096.exe
    2011-06-20 21:50:43 -------- d-----w- c:\program files\Easy Gif Animator Extension
    2011-06-20 21:40:11 -------- d--h--w- c:\programdata\Spybot - Search & Destroy
    2011-06-20 21:35:31 -------- d--h--w- c:\users\rukan\appdata\local\ManyCam
    2011-06-20 21:35:30 -------- d--h--w- c:\users\rukan\appdata\roaming\ManyCam
    2011-06-20 21:33:27 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-20 21:32:58 -------- d--h--w- c:\users\rukan\appdata\roaming\SUPERAntiSpyware.com
    2011-06-20 21:32:58 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
    2011-06-20 21:28:57 417792 ----a-w- c:\program files\windows media player\plugins\wmp_scrobbler.dll
    2011-06-20 21:28:54 -------- d--h--w- c:\programdata\Last.fm
    2011-06-20 21:27:23 -------- d--h--w- c:\users\rukan\appdata\local\Last.fm
    2011-06-20 20:29:31 -------- d-----r- c:\program files\Skype
    2011-06-20 19:46:12 -------- d-----w- c:\users\rukan\stuff
    2011-06-20 19:28:39 -------- d--h--w- c:\users\rukan\appdata\local\Apple
    2011-06-20 19:04:03 -------- d--h--w- c:\users\rukan\Dexter
    2011-06-20 17:25:59 -------- d--h--w- c:\users\rukan\.thumbnails
    2011-06-20 17:24:46 -------- d-----w- c:\program files\ManyCam
    2011-06-20 17:24:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-20 17:24:45 -------- d-----w- c:\program files\LeeGTs Software
    2011-06-20 17:24:44 -------- d-----w- c:\program files\Last.fm
    2011-06-20 17:24:44 -------- d-----w- c:\program files\Lame for Audacity
    2011-06-20 17:24:44 -------- d-----w- c:\program files\Jasc Software Inc
    2011-06-20 17:24:40 -------- d-----w- c:\program files\Hitachi
    2011-06-20 17:24:40 -------- d-----w- c:\program files\Griffin Technology
    2011-06-20 17:24:36 -------- d-----w- c:\program files\GIMP-2.0
    2011-06-20 17:24:35 -------- d-----w- c:\program files\Free M4a to MP3 Converter
    2011-06-20 17:24:33 -------- d-----w- c:\program files\Easy GIF Animator
    2011-06-20 17:22:56 -------- d-----w- c:\program files\CamStudio
    2011-06-20 17:22:55 -------- d-----w- c:\program files\Bonjour
    2011-06-20 17:22:54 -------- d-----w- c:\program files\AviSynth 2.5
    2011-06-20 17:22:52 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-06-20 17:22:52 -------- d-----w- c:\program files\Ape Ripper
    2011-06-20 17:21:07 -------- d--h--w- C:\.hitachi-lifestudio
    2011-06-20 14:48:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-20 14:35:29 -------- d--h--w- c:\users\rukan\appdata\local\Apps
    2011-06-20 14:34:50 -------- d-----w- c:\program files\Active Data Recovery Software
    2011-06-20 13:34:56 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-20 13:33:53 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2011-06-20 13:33:52 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2011-06-20 13:33:52 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2011-06-20 13:33:52 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2011-06-20 13:33:52 19968 ----a-w- c:\windows\system32\ARP.EXE
    2011-06-20 13:33:52 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2011-06-20 13:33:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2011-06-20 13:33:52 10240 ----a-w- c:\windows\system32\finger.exe
    2011-06-20 13:31:54 513024 ----a-w- c:\windows\system32\wlansvc.dll
    2011-06-20 13:30:59 304640 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-20 13:29:59 714240 ----a-w- c:\windows\system32\timedate.cpl
    2011-06-20 13:28:51 866816 ----a-w- c:\windows\system32\wmpmde.dll
    2011-06-20 13:27:59 1257472 ----a-w- c:\windows\system32\msxml3.dll
    2011-06-20 13:26:59 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-20 04:52:53 171520 ----a-w- c:\windows\system32\wintrust.dll
    2011-06-20 04:52:50 98304 ----a-w- c:\windows\system32\cabview.dll
    2011-06-20 04:47:43 -------- d--h--w- c:\users\rukan\appdata\local\AOL
    2011-06-20 04:47:43 -------- d--h--w- c:\users\rukan\appdata\local\AIM
    2011-06-20 04:47:35 -------- d--h--w- c:\programdata\AIM
    2011-06-20 04:47:29 -------- d-----w- c:\program files\common files\Software Update Utility
    2011-06-20 04:47:29 -------- d-----w- c:\program files\AIM
    2011-06-20 04:47:28 -------- d-----w- c:\program files\common files\AOL
    2011-06-20 04:45:17 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2011-06-20 04:45:00 87552 ----a-w- c:\windows\system32\wudriver.dll
    2011-06-20 04:44:52 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-06-20 04:44:52 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2011-06-20 04:44:31 -------- d--h--w- c:\users\rukan\My Backup Files
    2011-06-20 04:43:51 -------- d--h--w- c:\users\rukan\appdata\local\DataSafeOnline
    2011-06-20 04:43:28 -------- d--h--w- c:\users\rukan\appdata\local\PowerDVD DX
    2011-06-20 04:43:20 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-06-20 04:42:57 -------- d--h--w- c:\users\rukan\appdata\local\VirtualStore
    2011-06-20 04:42:32 -------- d-sh--w- C:\System Recovery
    .
    ==================== Find3M ====================
    .
    2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
    2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:16:42 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .
    ============= FINISH: 20:42:50.11 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 6/5/2009 8:25:21 PM
    System Uptime: 6/26/2011 8:13:51 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0G848F
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 66.615 GiB free.
    E: is FIXED (NTFS) - 15 GiB total, 4.122 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Acrobat.com
    Active@ UNDELETE 7 Enterprise
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Advanced Audio FX Engine
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Banctec Service Agreement
    Bonjour
    CCleaner
    Choice Guard
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Dell-eBay
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Remote Access
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Video Chat
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    Download Updater (AOL LLC)
    Dr.Web Security Space 6.0 (x86)
    Easy GIF Animator 5.1
    Easy Gif Animator Extension
    GIMP 2.6.11
    Google Chrome
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Integrated Webcam Driver (1.00.02.0825)
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Jasc Animation Shop 3
    Java(TM) 6 Update 11
    Junk Mail filter update
    Last.fm 1.5.4.27091
    Malwarebytes' Anti-Malware version 1.51.0.1200
    ManyCam 2.6.55 (remove only)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    PowerDVD DX
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.3
    SocialRibbons LP 1
    SopCast 3.4.0
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.1.10
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/21/2011 3:21:36 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/21/2011 3:21:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    6/21/2011 3:21:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/21/2011 11:33:43 AM, Error: netbt [4321] - The name "JK-MACBOOK :0" could not be registered on the interface with IP address 192.168.2.11. The computer with the IP address 192.168.2.3 did not allow the name to be claimed by this computer.
    6/21/2011 10:00:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.11 for the Network Card with network address 00255631EA6C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/20/2011 9:32:52 PM, Error: netbt [4321] - The name "IMAN-PC :0" could not be registered on the interface with IP address 192.168.2.11. The computer with the IP address 192.168.2.9 did not allow the name to be claimed by this computer.
    6/20/2011 9:14:04 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JK-MACBOOK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E10441E-E40F-4420-B00E-0421FD5. The master browser is stopping or an election is being forced.
    6/20/2011 9:10:59 AM, Error: netbt [4321] - The name "JK-MACBOOK :0" could not be registered on the interface with IP address 192.168.2.11. The computer with the IP address 192.168.2.7 did not allow the name to be claimed by this computer.
    6/20/2011 4:03:35 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    6/20/2011 3:56:42 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/20/2011 3:56:42 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/20/2011 3:25:23 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log for more detail.
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
    6/20/2011 12:46:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. rukino

    rukino Newcomer, in training Topic Starter

    I've downloaded it and unzipped it, but when I try to start the program, it doesn't start.

    It says I need to give permission to continue, so I click yes, but then the program doesn't open.
  4. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  5. rukino

    rukino Newcomer, in training Topic Starter

    Okay, here they are.

    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-26 22:06:38
    -----------------------------
    22:06:38.209 OS Version: Windows 6.0.6001 Service Pack 1
    22:06:38.209 Number of processors: 2 586 0x170A
    22:06:38.210 ComputerName: RICKSCOMP UserName: Rukan
    22:06:39.805 Initialize success
    22:06:52.604 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:06:52.606 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
    22:06:52.634 Disk 0 MBR read successfully
    22:06:52.637 Disk 0 MBR scan
    22:06:52.639 Disk 0 unknown MBR code
    22:06:52.643 Disk 0 scanning sectors +488395120
    22:06:52.679 Disk 0 scanning C:\Windows\system32\drivers
    22:06:57.856 Service scanning
    22:06:58.975 Disk 0 trace - called modules:
    22:06:59.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864ee1ed]<<
    22:06:59.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859780f8]
    22:06:59.024 3 CLASSPNP.SYS[89d9d745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84f49028]
    22:06:59.029 \Driver\iaStor[0x84eb7880] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x864ee1ed
    22:06:59.034 Scan finished successfully
    22:07:17.354 Disk 0 MBR has been saved successfully to "C:\Users\Rukan\Desktop\MBR.dat"
    22:07:17.359 The log file has been saved successfully to "C:\Users\Rukan\Desktop\aswMBR.txt"

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6001 (Service Pack 1)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8D602000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9428992 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
    0x81A3C000 C:\Windows\system32\ntkrnlpa.exe 3911680 bytes (Microsoft Corporation, NT Kernel & System)
    0x81A3C000 PnpManager 3911680 bytes
    0x81A3C000 RAW 3911680 bytes
    0x81A3C000 WMIxWDM 3911680 bytes
    0x98240000 Win32k 2109440 bytes
    0x98240000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8E200000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
    0x89C01000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
    0x8260E000 C:\Windows\system32\drivers\NDIS.SYS 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8E606000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
    0x804D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0xAF00C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x90803000 C:\Windows\System32\Drivers\dump_iaStor.sys 851968 bytes
    0x8240E000 C:\Windows\system32\drivers\iastor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
    0x90907000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
    0x8DF00000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8272D000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x8060C000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0xAB206000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8E403000 C:\Windows\system32\DRIVERS\stwrt.sys 413696 bytes (IDT, Inc., IDT PC Audio)
    0x80417000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0xAB376000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
    0x8E348000 C:\Windows\system32\DRIVERS\yk60x86.sys 315392 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
    0x80734000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8E766000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x8068B000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x8E3A8000 C:\Windows\system32\DRIVERS\Apfiltr.sys 270336 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
    0x8D40F000 C:\Windows\system32\DRIVERS\OA009Vid.sys 270336 bytes (Creative Technology Ltd., Video Capture Device Driver)
    0x80490000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8D572000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8DFB7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8E565000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x82582000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
    0xAB2FD000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x89D10000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x825BC000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x81A09000 ACPI_HAL 208896 bytes
    0x81A09000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x824DE000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8E734000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8D544000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x8E468000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x82557000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8D5C6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8D475000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0xAB3C5000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xAB34E000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x89D60000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x806E2000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8E495000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x8D451000 C:\Windows\system32\DRIVERS\CtClsFlt.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
    0x8E5CF000 C:\Windows\system32\DRIVERS\OA009Ufd.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
    0x8279E000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x8E530000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x89D98000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x82536000 C:\Windows\system32\drivers\dwprot.sys 135168 bytes (Doctor Web, Ltd., Dr.Web Protection for Windows)
    0x8E4DD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0xAB2BE000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xAB2DE000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xAB273000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x8E6EF000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x908EC000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0xAB290000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0xAF12E000 C:\Users\Rukan\AppData\Local\Temp\fwtcqpoc.sys 102400 bytes
    0x8D514000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xAB336000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8E5A1000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x89DCF000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x8E5B8000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xAF108000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8E7B7000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x82520000 C:\Windows\system32\drivers\spiderg3.sys 90112 bytes (Doctor Web, Ltd., Dr.Web File System Monitor)
    0x8E70A000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0xAB2A9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x827C1000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x89DE6000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8E720000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8E395000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x909BC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8E552000 C:\Windows\system32\drivers\RTSTOR.SYS 77824 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
    0x8E7DB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8D502000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x89D87000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8078E000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x80477000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x82510000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x909D9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8077E000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x827D6000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x8D535000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
    0x908DD000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x89D51000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x80709000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x8D400000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8D4F3000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x80725000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x98480000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8E7CD000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8E519000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8067D000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x8E5F3000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8D5B9000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
    0x827F0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8DF9F000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0xAF0F4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8E4D1000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xAF14E000 C:\Users\Rukan\AppData\Local\Temp\aswMBR.sys 45056 bytes
    0x8E3F5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8E3EA000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8E50E000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8D5F0000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x82719000 C:\Windows\system32\drivers\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x8D4DF000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8DFAC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x8071B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x908D3000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x827E6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x909E9000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8E7F6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0xAF0EA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0xAF159000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x89DB9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8E4BA000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x82724000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8E527000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x98460000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8D4EA000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8D52C000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x806D1000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x8E7AE000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xAF100000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver)
    0x80488000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8040F000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x806DA000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8E4FE000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8E506000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x89D49000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8E4CA000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0xAF147000 C:\Users\Rukan\AppData\Local\Temp\mbr.sys 28672 bytes
    0x8E4C3000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x8DFF5000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8D5B3000 C:\Windows\system32\DRIVERS\ManyCam.sys 24576 bytes (ManyCam LLC., ManyCam Virtual Webcam, WDM Video Capture Driver)
    0x909B6000 C:\Windows\system32\DRIVERS\packet.sys 24576 bytes (SingleClick Systems, SCS NDIS 5.0 Auto IP Protocol Driver)
    0x8E7EE000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0x8DFFB000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x80718000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x8D600000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8E7F4000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x864EFA91 Unknown page with executable code, 1391 bytes
    0x89D10000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
    0x864EE288 Unknown page with executable code, 3448 bytes
    0x864F0191 Unknown page with executable code, 3695 bytes
    0x864F2E7A Unknown thread object [ ETHREAD 0x8677B020 ] TID: 272, 600 bytes
    0x864F5008 Unknown thread object [ ETHREAD 0x86781020 ] TID: 276, 600 bytes
    0x864F4CDC Unknown page with executable code, 804 bytes
  6. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    OK, we have a rootkited file.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. rukino

    rukino Newcomer, in training Topic Starter

    Here's the report!

    ComboFix 11-06-26.01 - Rukan 06/26/2011 22:34:55.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.2168 [GMT -4:00]
    Running from: c:\users\Rukan\Desktop\ComboFix.exe
    AV: Doctor Web Anti-Virus *Disabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Tarma Installer
    c:\users\Public\f08565431305cf026ba7212105c9ef8c-getty-fbl-esp-cup-real_madrid.jpg
    c:\users\Rukan\AppData\Roaming\Microsoft\Windows\Templates\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75
    E:\Autorun.inf
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-27 02:42 . 2011-06-27 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-27 02:22 . 2011-06-27 02:22 -------- d-sh--w- C:\DrWeb Quarantine
    2011-06-26 13:21 . 2011-06-27 02:25 -------- d-----w- c:\programdata\Doctor Web
    2011-06-26 13:21 . 2011-06-27 02:30 -------- d-----w- c:\program files\DrWeb
    2011-06-26 13:21 . 2011-06-26 13:21 -------- d-----w- c:\program files\Common Files\Doctor Web
    2011-06-25 16:37 . 2011-06-25 16:37 -------- d-----w- c:\program files\CCleaner
    2011-06-25 16:35 . 2011-06-25 16:35 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-06-25 16:19 . 2011-06-25 16:19 -------- d-----w- c:\windows\system32\Profiles
    2011-06-25 15:37 . 2011-06-25 15:37 -------- d-----w- C:\$AVG
    2011-06-25 05:50 . 2011-06-25 05:50 -------- d--h--w- c:\programdata\Common Files
    2011-06-25 05:47 . 2011-06-26 00:27 -------- d-----w- c:\programdata\AVG10
    2011-06-25 05:44 . 2011-06-25 05:44 -------- d-----w- c:\program files\AVG
    2011-06-25 05:34 . 2011-06-25 21:44 -------- d-----w- c:\programdata\MFAData
    2011-06-24 05:44 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C625CB73-1364-431E-9975-14B0A0BE8E07}\mpengine.dll
    2011-06-23 07:00 . 2011-06-23 07:00 -------- d--h--w- c:\programdata\WindowsSearch
    2011-06-23 04:47 . 2011-06-23 04:47 -------- d--h--w- c:\programdata\Roxio
    2011-06-22 18:43 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-06-22 18:43 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-06-22 07:02 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-06-22 07:02 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-06-22 07:02 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-06-22 07:02 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-06-22 07:02 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-06-22 02:16 . 2011-06-22 02:16 -------- d-----w- c:\program files\SocialRibbons LP 1
    2011-06-22 02:16 . 2011-06-22 02:16 -------- d-----w- c:\program files\Common Files\FreeCause
    2011-06-22 02:15 . 2011-06-22 02:15 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-06-21 22:33 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-06-21 22:33 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-06-21 22:33 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
    2011-06-21 20:33 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2011-06-21 20:33 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2011-06-21 20:31 . 2009-07-14 16:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2011-06-21 20:31 . 2010-04-15 17:36 252536 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2011-06-21 14:01 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-06-21 14:01 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-06-21 07:29 . 2010-04-14 17:53 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-06-21 07:29 . 2010-04-14 17:53 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-06-21 07:29 . 2010-04-14 17:53 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-06-21 07:29 . 2010-04-14 17:54 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-06-21 07:29 . 2010-04-14 17:54 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-06-21 07:20 . 2011-06-21 07:20 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-06-21 07:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-06-21 07:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2011-06-21 07:10 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-06-21 07:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-06-21 07:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2011-06-21 07:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-06-21 07:06 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2011-06-21 07:06 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2011-06-21 07:05 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2011-06-21 07:05 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
    2011-06-21 07:05 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2011-06-21 07:04 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
    2011-06-20 23:11 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-06-20 22:25 . 2011-06-20 22:25 -------- d-----w- c:\program files\uTorrent
    2011-06-20 21:52 . 2011-06-20 21:52 -------- d--h--w- c:\programdata\Blumentals
    2011-06-20 21:50 . 2011-06-20 21:50 236159 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_8096.exe
    2011-06-20 21:50 . 2011-06-20 21:50 -------- d-----w- c:\program files\Easy Gif Animator Extension
    2011-06-20 21:40 . 2011-06-25 16:38 -------- d--h--w- c:\programdata\Spybot - Search & Destroy
    2011-06-20 21:33 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-20 21:32 . 2011-06-20 21:32 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
    2011-06-20 21:28 . 2008-05-13 21:23 417792 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll
    2011-06-20 21:28 . 2011-06-20 21:28 -------- d--h--w- c:\programdata\Last.fm
    2011-06-20 20:29 . 2011-06-20 20:31 -------- d-----w- c:\program files\Google
    2011-06-20 20:29 . 2011-06-20 20:29 -------- d-----r- c:\program files\Skype
    2011-06-20 19:39 . 2011-06-22 18:43 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-06-20 19:29 . 2011-06-22 18:40 -------- d--h--w- c:\programdata\Apple Computer
    2011-06-20 19:15 . 2011-06-20 19:15 -------- d--h--w- c:\programdata\Apple
    2011-06-20 17:24 . 2011-06-20 21:36 -------- d-----w- c:\program files\ManyCam
    2011-06-20 17:24 . 2011-06-20 21:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-20 17:24 . 2011-06-20 17:24 -------- d-----w- c:\program files\LeeGTs Software
    2011-06-20 17:24 . 2011-06-20 22:02 -------- d-----w- c:\program files\Jasc Software Inc
    2011-06-20 17:24 . 2011-06-20 21:27 -------- d-----w- c:\program files\Last.fm
    2011-06-20 17:24 . 2011-06-20 17:24 -------- d-----w- c:\program files\Lame for Audacity
    2011-06-20 17:24 . 2011-06-20 17:24 -------- d-----w- c:\program files\Hitachi
    2011-06-20 17:24 . 2011-06-20 17:24 -------- d-----w- c:\program files\Griffin Technology
    2011-06-20 17:24 . 2011-06-21 15:03 -------- d-----w- c:\program files\GIMP-2.0
    2011-06-20 17:24 . 2011-06-20 17:24 -------- d-----w- c:\program files\Free M4a to MP3 Converter
    2011-06-20 17:24 . 2011-06-20 17:24 -------- d-----w- c:\program files\Electronic Arts
    2011-06-20 17:24 . 2011-06-20 21:52 -------- d-----w- c:\program files\Easy GIF Animator
    2011-06-20 17:22 . 2011-06-22 18:40 -------- d-----w- c:\program files\Common Files\Apple
    2011-06-20 17:22 . 2011-06-20 17:22 -------- d-----w- c:\program files\CamStudio
    2011-06-20 17:22 . 2011-06-20 19:17 -------- d-----w- c:\program files\Bonjour
    2011-06-20 17:22 . 2011-06-20 17:22 -------- d-----w- c:\program files\AviSynth 2.5
    2011-06-20 17:22 . 2011-06-20 19:28 -------- d-----w- c:\program files\Apple Software Update
    2011-06-20 17:22 . 2011-06-20 17:22 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-06-20 17:22 . 2011-06-20 17:22 -------- d-----w- c:\program files\Ape Ripper
    2011-06-20 17:22 . 2011-06-20 17:22 -------- d-----w- c:\program files\Alwil Software
    2011-06-20 17:21 . 2011-06-20 17:21 -------- d-----w- C:\.hitachi-lifestudio
    2011-06-20 14:48 . 2011-06-20 14:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-20 14:34 . 2011-06-20 14:34 -------- d-----w- c:\program files\Active Data Recovery Software
    2011-06-20 13:33 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2011-06-20 13:33 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2011-06-20 13:33 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2011-06-20 13:33 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2011-06-20 13:33 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2011-06-20 13:33 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
    2011-06-20 13:33 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2011-06-20 13:33 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
    2011-06-20 13:31 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
    2011-06-20 13:30 . 2011-02-18 13:31 304640 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-20 13:29 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl
    2011-06-20 13:28 . 2010-08-20 15:21 866816 ----a-w- c:\windows\system32\wmpmde.dll
    2011-06-20 13:27 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
    2011-06-20 13:26 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-20 04:52 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
    2011-06-20 04:52 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
    2011-06-20 04:47 . 2011-06-20 04:47 -------- d--h--w- c:\programdata\AIM
    2011-06-20 04:47 . 2011-06-20 04:47 -------- d-----w- c:\program files\AIM
    2011-06-20 04:47 . 2011-06-20 04:47 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-06-20 04:47 . 2011-06-20 04:47 -------- d-----w- c:\program files\Common Files\AOL
    2011-06-20 04:45 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2011-06-20 04:45 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2011-06-20 04:45 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2011-06-20 04:45 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2011-06-20 04:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2011-06-20 04:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2011-06-20 04:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2011-06-20 04:44 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2011-06-20 04:44 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-06-20 04:42 . 2011-06-20 04:42 -------- d-sh--w- C:\System Recovery
    2011-06-20 04:40 . 2011-06-26 04:15 -------- d--h--w- c:\users\Rukan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-06-24 02:25 . 2011-06-20 13:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{edc8d02a-7ae5-1094-ddc0-16d2381944d0}"= "c:\program files\SocialRibbons LP 1\Helper.dll" [2011-06-22 357376]
    .
    [HKEY_CLASSES_ROOT\clsid\{edc8d02a-7ae5-1094-ddc0-16d2381944d0}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CB2E98F0-4C63-E014-C5EC-9B05E6EE3F67}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F3D5040-D8E1-F5B4-150E-F532A5F23615}]
    2011-06-22 02:16 1534976 ----a-w- c:\program files\SocialRibbons LP 1\Toolbar.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2008-10-29 123]
    "Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
    .
    c:\users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-6-6 53248]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-06-06 05:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 136176]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 SysProtDrv.sys;SysProtDrv.sys;c:\users\Rukan\Desktop\SysProt\SysProt\SysProtDrv.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 SftService;SoftThinks Agent Service;c:\windows\SMINST\sftservice.EXE [2009-02-23 632048]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-09-03 144672]
    S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-09-03 269216]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 20:29]
    .
    2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 20:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\jk9b0yby.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{c5ba4085-a224-412a-b91f-08543f6212ec} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{C5BA4085-A224-412A-B91F-08543F6212EC} - (no file)
    HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-26 22:42
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    Completion time: 2011-06-26 22:49:12
    ComboFix-quarantined-files.txt 2011-06-27 02:49
    .
    Pre-Run: 81,999,654,912 bytes free
    Post-Run: 81,767,133,184 bytes free
    .
    - - End Of File - - 6915FA09056853035002CCB65102E411
  8. rukino

    rukino Newcomer, in training Topic Starter

    Google has stopped being redirected, and the iexplore processes aren't coming up anymore! However, my start menu and quick launch are still empty, but those are things I can just manually re-add, right?

    Thank you so much for your help.
  9. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Good news :)

    You never told me about it.
    Let's see, if we can recover your missing features.
    Download and run UnHide

    Also, give me fresh RKUnhooker log.
  10. rukino

    rukino Newcomer, in training Topic Starter

    Sorry about that! I figured out how to get my hidden folders back yesterday and forgot to mention it. Unhide worked though, and everything is back.

    Here's the new log

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6001 (Service Pack 1)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8DC06000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9428992 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
    0x81A06000 C:\Windows\system32\ntkrnlpa.exe 3911680 bytes (Microsoft Corporation, NT Kernel & System)
    0x81A06000 PnpManager 3911680 bytes
    0x81A06000 RAW 3911680 bytes
    0x81A06000 WMIxWDM 3911680 bytes
    0x97EB0000 Win32k 2109440 bytes
    0x97EB0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8E604000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
    0x89C0A000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
    0x89A0C000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8E824000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
    0x804C4000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0xAB4DA000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x8D800000 C:\Windows\System32\Drivers\dump_iaStor.sys 851968 bytes
    0x8980A000 C:\Windows\system32\drivers\iastor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
    0x93005000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
    0x8E504000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x89925000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x80608000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x93168000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8078A000 C:\Windows\system32\DRIVERS\stwrt.sys 413696 bytes (IDT, Inc., IDT PC Audio)
    0x8040A000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0xAB44B000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
    0x8E74C000 C:\Windows\system32\DRIVERS\yk60x86.sys 315392 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
    0x80730000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8E984000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x80687000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x8E7AC000 C:\Windows\system32\DRIVERS\Apfiltr.sys 270336 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
    0x8ECC9000 C:\Windows\system32\DRIVERS\OA009Vid.sys 270336 bytes (Creative Technology Ltd., Video Capture Device Driver)
    0x80483000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8D970000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8E5BB000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8EC40000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x89B42000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x8EDB3000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x89D19000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x89996000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x81DC1000 ACPI_HAL 208896 bytes
    0x81DC1000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x898DA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8E952000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8D942000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x899CB000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x89B17000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8D9C9000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x93121000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0xAB4B2000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xAB423000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x89D69000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x806DE000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x805A4000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x8ED2F000 C:\Windows\system32\DRIVERS\CtClsFlt.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
    0x8ED0B000 C:\Windows\system32\DRIVERS\OA009Ufd.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
    0x89B7C000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x8EC18000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x89DA1000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x805C9000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x930E8000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x8ED94000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x931D5000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x8E90D000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x8ED79000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x930BA000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8D912000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xAB40B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8EC86000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x89DD8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x8ECB2000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xAB5D6000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8E9CC000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8E928000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0x930D3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x89BB3000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x89B9F000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8E93E000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8E799000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x93155000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8EC9D000 C:\Windows\system32\drivers\RTSTOR.SYS 77824 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
    0x8EC05000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8D8F5000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x89D90000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x89BE5000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x8046A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8990C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x93111000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8077A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x89BC8000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x8D933000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
    0x8ED6A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x89D5A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x80705000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x89DEF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8D8E6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x80721000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x980F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8E9E2000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8E80D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x80679000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x8ED53000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8D9BC000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
    0x89BD8000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8E5A3000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0xAB5C2000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x807EF000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8D907000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8E7EE000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x805EA000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8D9F3000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8D9B1000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x8D8D2000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8E5B0000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x80717000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8ED60000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x89C00000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x9314B000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8EC7C000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0xAB5B8000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0xAB402000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x89DC2000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x89BF6000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8991C000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8E81B000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x980D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8D8DD000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8D92A000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x806CD000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xAB5CE000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver)
    0x8047B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0xAB5EC000 C:\Users\Rukan\AppData\Local\Temp\catchme.sys 32768 bytes
    0x80402000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x806D6000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x89800000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x80600000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x89D52000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x899F8000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x89A00000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x8E7F9000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8E5F9000 C:\Windows\system32\DRIVERS\ManyCam.sys 24576 bytes (ManyCam LLC., ManyCam Virtual Webcam, WDM Video Capture Driver)
    0x930B4000 C:\Windows\system32\DRIVERS\packet.sys 24576 bytes (SingleClick Systems, SCS NDIS 5.0 Auto IP Protocol Driver)
    0x8EC3A000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0x8E600000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x80714000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0xAB5F4000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes
    0x8DC00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8ECB0000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
  11. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Very good :)

    Couple more scans, just to make sure....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  12. rukino

    rukino Newcomer, in training Topic Starter

    OTL logfile created on: 6/27/2011 12:50:26 AM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Rukan\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.77% Memory free
    6.12 Gb Paging File | 4.91 Gb Available in Paging File | 80.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 218.20 Gb Total Space | 76.15 Gb Free Space | 34.90% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 4.12 Gb Free Space | 28.14% Space Free | Partition Type: NTFS

    Computer Name: RICKSCOMP | User Name: Rukan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/27 00:39:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rukan\Desktop\OTL.exe
    PRC - [2011/05/03 11:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
    PRC - [2010/10/27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
    PRC - [2009/06/06 04:11:28 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2009/04/01 03:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
    PRC - [2009/04/01 03:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
    PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2009/02/23 10:49:48 | 000,402,672 | ---- | M] () -- C:\WINDOWS\SMINST\Components\scheduler\STService.exe
    PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\SftService.exe
    PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/01/09 14:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    PRC - [2009/01/05 18:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe
    PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/27 00:39:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rukan\Desktop\OTL.exe
    MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/06/06 01:49:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/04/01 03:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
    SRV - [2009/04/01 03:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
    SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\WINDOWS\SMINST\sftservice.EXE -- (SftService)
    SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
    SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/04/01 03:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/12/30 22:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
    DRV - [2008/09/03 04:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\OA009Vid.sys -- (OA009Vid)
    DRV - [2008/09/03 04:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
    DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\packet.sys -- (Packet)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\..\URLSearchHook: {edc8d02a-7ae5-1094-ddc0-16d2381944d0} - C:\Program Files\SocialRibbons LP 1\Helper.dll ()
    IE - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q="
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 22:25:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/06/20 09:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Extensions
    [2011/06/21 22:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\jk9b0yby.default\extensions
    [2011/06/21 22:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\one3d0cl.default\extensions
    [2011/06/20 13:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\one3d0cl.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
    [2011/06/20 13:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\one3d0cl.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
    [2011/06/20 13:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\one3d0cl.default\extensions\{D469DA71-A9C6-48f1-B86E-67313AADB588}
    [2011/06/20 13:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\one3d0cl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/06/20 13:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\one3d0cl.default\extensions\giorgio@gilestro.tk
    [2011/06/20 13:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukan\AppData\Roaming\Mozilla\Firefox\Profiles\one3d0cl.default\extensions\SkipScreen@SkipScreen
    [2011/06/20 17:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/06/20 16:29:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    File not found (No name found) --
    () (No name found) -- C:\USERS\RUKAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JK9B0YBY.DEFAULT\EXTENSIONS\GIORGIO@GILESTRO.TK.XPI
    [2011/06/22 03:05:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/06/23 22:25:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/06/26 22:42:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
    O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
    O3 - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-2372807510-1937129841-460533832-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Components\scheduler\Launcher.exe (Softthinks)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2372807510-1937129841-460533832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Rukan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Rukan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/27 00:39:37 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Rukan\Desktop\OTL.exe
    [2011/06/26 22:49:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/26 22:49:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/26 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\temp
    [2011/06/26 22:31:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/26 22:31:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/26 22:31:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/26 22:25:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/26 22:24:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/06/26 22:22:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/26 22:22:18 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
    [2011/06/26 22:18:14 | 004,126,959 | R--- | C] (Swearware) -- C:\Users\Rukan\Desktop\ComboFix.exe
    [2011/06/26 22:06:00 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Rukan\Desktop\aswMBR.exe
    [2011/06/26 20:40:56 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Rukan\Desktop\dds.scr
    [2011/06/26 18:39:11 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rukan\Desktop\jilbo.exe
    [2011/06/26 10:10:56 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Desktop\tdsskiller
    [2011/06/26 10:08:01 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rukan\Desktop\tdsskiller.exe
    [2011/06/26 09:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
    [2011/06/26 09:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
    [2011/06/26 09:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
    [2011/06/26 09:17:48 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Downloaded Installations
    [2011/06/26 09:08:05 | 138,597,296 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Rukan\Desktop\drweb-600-win-space-x86.exe
    [2011/06/26 00:15:56 | 000,000,000 | ---D | C] -- C:\Users\Rukan\DoctorWeb
    [2011/06/25 20:27:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/06/25 12:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/06/25 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/06/25 12:35:00 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2011/06/25 12:19:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Profiles
    [2011/06/25 11:37:28 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/06/25 01:53:31 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\AVG10
    [2011/06/25 01:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
    [2011/06/25 01:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/06/25 01:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/06/25 01:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/06/23 03:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/06/23 00:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
    [2011/06/23 00:47:04 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Roxio
    [2011/06/22 14:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/06/21 22:16:17 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SocialRibbons LP 1
    [2011/06/21 22:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\SocialRibbons LP 1
    [2011/06/21 22:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
    [2011/06/21 22:15:55 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Conduit
    [2011/06/21 16:03:01 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Creative
    [2011/06/21 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\gtk-2.0
    [2011/06/21 11:03:47 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\gegl-0.0
    [2011/06/21 11:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
    [2011/06/21 10:58:05 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Jasc
    [2011/06/21 03:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/06/20 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2011/06/20 18:25:00 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\uTorrent
    [2011/06/20 18:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
    [2011/06/20 17:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blumentals
    [2011/06/20 17:50:44 | 000,236,159 | ---- | C] (Karlis Blumentals) -- C:\Windows\EasyGifAnimator_Toolbar_Uninstaller_8096.exe
    [2011/06/20 17:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Gif Animator Extension
    [2011/06/20 17:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Gif Animator Extension
    [2011/06/20 17:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/06/20 17:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/06/20 17:37:21 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
    [2011/06/20 17:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
    [2011/06/20 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\ManyCam
    [2011/06/20 17:35:30 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\ManyCam
    [2011/06/20 17:33:27 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/06/20 17:32:58 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\SUPERAntiSpyware.com
    [2011/06/20 17:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/06/20 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/06/20 17:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
    [2011/06/20 17:27:23 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Last.fm
    [2011/06/20 17:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
    [2011/06/20 16:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/06/20 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/06/20 16:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/06/20 16:29:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/06/20 15:46:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2011/06/20 15:46:12 | 000,000,000 | ---D | C] -- C:\Users\Rukan\stuff
    [2011/06/20 15:39:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2011/06/20 15:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/06/20 15:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/06/20 15:28:39 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Apple
    [2011/06/20 15:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/06/20 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\StaarTrek
    [2011/06/20 15:06:51 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\Harry Potter II
    [2011/06/20 15:06:36 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\French
    [2011/06/20 15:06:36 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\Downloads
    [2011/06/20 15:05:51 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\Dell WebCam Central
    [2011/06/20 15:05:41 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\CyberLink
    [2011/06/20 15:05:41 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\ActiveGSLocalData
    [2011/06/20 15:05:40 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Documents\AIMLogger
    [2011/06/20 15:04:03 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Dexter
    [2011/06/20 15:00:57 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Desktop\ssh
    [2011/06/20 15:00:45 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Desktop\pics from today
    [2011/06/20 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Desktop\hawt footballers
    [2011/06/20 14:00:13 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\vlc
    [2011/06/20 13:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/06/20 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
    [2011/06/20 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\Rukan\Desktop\Random Desktop Stuff
    [2011/06/20 13:26:21 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Skype
    [2011/06/20 13:26:19 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/06/20 13:26:18 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Malwarebytes
    [2011/06/20 13:26:18 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\CyberLink
    [2011/06/20 13:26:17 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Apple Computer
    [2011/06/20 13:26:17 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\.minecraft
    [2011/06/20 13:26:16 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\The Weather Channel
    [2011/06/20 13:26:15 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\SupportSoft
    [2011/06/20 13:26:15 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Opera
    [2011/06/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Google
    [2011/06/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\BuildAGadget Content
    [2011/06/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Apple Computer
    [2011/06/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Adobe
    [2011/06/20 13:25:59 | 000,000,000 | ---D | C] -- C:\Users\Rukan\.thumbnails
    [2011/06/20 13:25:59 | 000,000,000 | ---D | C] -- C:\Users\Rukan\.gimp-2.6
    [2011/06/20 13:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\acccore
    [2011/06/20 13:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/06/20 13:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/06/20 13:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
    [2011/06/20 13:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitachi GST
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy GIF Animator
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
    [2011/06/20 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011/06/20 13:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
    [2011/06/20 13:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
    [2011/06/20 13:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/06/20 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
    [2011/06/20 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
    [2011/06/20 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(22)
    [2011/06/20 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(21)
    [2011/06/20 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/06/20 13:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2011/06/20 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
    [2011/06/20 13:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\TidySongs
    [2011/06/20 13:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
    [2011/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\SoftMaker Viewer
    [2011/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\RealMadrid
    [2011/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/06/20 13:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\PicLensIE
    [2011/06/20 13:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Story 3 for Windows
    [2011/06/20 13:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2011/06/20 13:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\OpenCanvas 1.1b72 EN
    [2011/06/20 13:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2011/06/20 13:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mirillis
    [2011/06/20 13:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
    [2011/06/20 13:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/20 13:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGTs Software
    [2011/06/20 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
    [2011/06/20 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
    [2011/06/20 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
    [2011/06/20 13:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hitachi
    [2011/06/20 13:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Griffin Technology
    [2011/06/20 13:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
    [2011/06/20 13:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
    [2011/06/20 13:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
    [2011/06/20 13:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Easy GIF Animator
    [2011/06/20 13:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/06/20 13:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
    [2011/06/20 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/06/20 13:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2011/06/20 13:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
    [2011/06/20 13:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/06/20 13:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ape Ripper
    [2011/06/20 13:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/06/20 13:21:07 | 000,000,000 | ---D | C] -- C:\.hitachi-lifestudio
    [2011/06/20 10:35:29 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Apps
    [2011/06/20 10:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ UNDELETE 7 Enterprise
    [2011/06/20 10:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Active Data Recovery Software
    [2011/06/20 10:18:03 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\WinRAR
    [2011/06/20 10:18:03 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/06/20 10:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/06/20 10:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2011/06/20 09:52:20 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Mozilla
    [2011/06/20 09:52:20 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Mozilla
    [2011/06/20 09:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/06/20 01:34:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2011/06/20 00:47:45 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Macromedia
    [2011/06/20 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\acccore
    [2011/06/20 00:47:43 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\AOL
    [2011/06/20 00:47:43 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\AIM
    [2011/06/20 00:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
    [2011/06/20 00:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
    [2011/06/20 00:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2011/06/20 00:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
    [2011/06/20 00:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2011/06/20 00:45:33 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Adobe
    [2011/06/20 00:44:31 | 000,000,000 | ---D | C] -- C:\Users\Rukan\My Backup Files
    [2011/06/20 00:43:51 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\DataSafeOnline
    [2011/06/20 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\PowerDVD DX
    [2011/06/20 00:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Searches
    [2011/06/20 00:43:14 | 000,000,000 | R--D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/06/20 00:43:06 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Identities
    [2011/06/20 00:43:04 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Contacts
    [2011/06/20 00:42:57 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\VirtualStore
    [2011/06/20 00:42:32 | 000,000,000 | -HSD | C] -- C:\System Recovery
    [2011/06/20 00:40:29 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Dell
    [2011/06/20 00:40:15 | 000,000,000 | --SD | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Videos
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Saved Games
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Pictures
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Music
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Links
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Favorites
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Downloads
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Documents
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\Desktop
    [2011/06/20 00:40:15 | 000,000,000 | R--D | C] -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\AppData\Local\Temporary Internet Files
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Templates
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Start Menu
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\SendTo
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Recent
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\PrintHood
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\NetHood
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Documents\My Videos
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Documents\My Pictures
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Documents\My Music
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\My Documents
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Local Settings
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\AppData\Local\History
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Cookies
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\Application Data
    [2011/06/20 00:40:15 | 000,000,000 | -HSD | C] -- C:\Users\Rukan\AppData\Local\Application Data
    [2011/06/20 00:40:15 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\SoftThinks
    [2011/06/20 00:40:15 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Local\Microsoft
    [2011/06/20 00:40:15 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\Media Center Programs
    [2011/06/20 00:40:15 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
    [2011/06/20 00:36:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
  13. rukino

    rukino Newcomer, in training Topic Starter

    ========== Files - Modified Within 30 Days ==========

    [2011/06/27 00:39:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rukan\Desktop\OTL.exe
    [2011/06/27 00:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/27 00:30:46 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/27 00:30:46 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/27 00:07:27 | 000,048,640 | ---- | M] () -- C:\Users\Rukan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/26 23:41:24 | 000,684,297 | ---- | M] () -- C:\Users\Rukan\Desktop\unhide.exe
    [2011/06/26 22:52:23 | 000,001,684 | ---- | M] () -- C:\Users\Rukan\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2011/06/26 22:52:17 | 000,000,860 | ---- | M] () -- C:\Users\Rukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/26 22:52:11 | 000,001,716 | ---- | M] () -- C:\Users\Rukan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2011/06/26 22:49:15 | 000,002,461 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
    [2011/06/26 22:42:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/26 22:38:48 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/26 22:38:48 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/26 22:30:55 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/26 22:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/26 22:30:40 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/26 22:18:22 | 004,126,959 | R--- | M] (Swearware) -- C:\Users\Rukan\Desktop\ComboFix.exe
    [2011/06/26 22:07:36 | 000,139,264 | ---- | M] () -- C:\Users\Rukan\Desktop\RKUnhookerLE.EXE
    [2011/06/26 22:07:17 | 000,000,512 | ---- | M] () -- C:\Users\Rukan\Desktop\MBR.dat
    [2011/06/26 22:06:26 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Rukan\Desktop\aswMBR.exe
    [2011/06/26 21:53:29 | 001,309,375 | ---- | M] () -- C:\Users\Rukan\Desktop\tdsskiller.zip
    [2011/06/26 20:40:59 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Rukan\Desktop\dds.scr
    [2011/06/26 19:01:49 | 000,001,134 | ---- | M] () -- C:\Users\Rukan\Desktop\FixNCR.reg
    [2011/06/26 18:56:25 | 000,063,182 | ---- | M] () -- C:\Users\Rukan\Desktop\59Iuk.jpg
    [2011/06/26 18:39:12 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rukan\Desktop\jilbo.exe
    [2011/06/26 18:29:56 | 159,957,283 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/06/26 18:28:57 | 001,007,120 | ---- | M] () -- C:\Users\Rukan\Desktop\rkill.scr
    [2011/06/26 10:09:12 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rukan\Desktop\tdsskiller.exe
    [2011/06/26 09:47:59 | 000,000,781 | ---- | M] () -- C:\Users\Rukan\Desktop\ihuhju.lnk
    [2011/06/26 09:15:58 | 138,597,296 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Rukan\Desktop\drweb-600-win-space-x86.exe
    [2011/06/26 01:16:49 | 000,000,680 | ---- | M] () -- C:\Users\Rukan\AppData\Local\d3d9caps.dat
    [2011/06/26 00:15:05 | 068,195,944 | ---- | M] () -- C:\Users\Rukan\Desktop\4m3t2pry.exe
    [2011/06/26 00:06:12 | 042,730,616 | ---- | M] () -- C:\Users\Rukan\Desktop\4k8t247w.exe
    [2011/06/25 22:30:22 | 000,087,360 | ---- | M] () -- C:\Users\Rukan\Desktop\gmer.wmv
    [2011/06/25 22:26:49 | 000,302,592 | ---- | M] () -- C:\Users\Rukan\Desktop\uvvpb1qu.exe
    [2011/06/25 21:16:39 | 000,509,940 | ---- | M] () -- C:\Users\Rukan\Desktop\tumblr_ln0v0k4JSO1qifq5uo1_400.gif
    [2011/06/25 20:12:21 | 005,017,292 | ---- | M] () -- C:\Users\Rukan\Desktop\lucas-scott_o_GIFSoup.com.gif
    [2011/06/25 20:02:27 | 001,258,109 | ---- | M] () -- C:\Users\Rukan\Desktop\oth-1_o_GIFSoup.com.gif
    [2011/06/25 19:58:30 | 000,008,378 | ---- | M] () -- C:\Users\Rukan\Desktop\_40008136_chad_michael_murray150_wb-700950.jpeg
    [2011/06/25 17:32:23 | 000,295,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/06/25 12:35:00 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2011/06/25 12:19:36 | 000,000,079 | ---- | M] () -- C:\Windows\System32\d9f3895a-de9b-41c1-878b-920b0ad19376.12.lrf
    [2011/06/25 12:19:34 | 000,000,078 | ---- | M] () -- C:\Windows\System32\7b5764e6-6536-4fbe-8376-7b3ed3f06f3a.12.lrf
    [2011/06/25 11:35:47 | 000,000,036 | ---- | M] () -- C:\Users\Rukan\AppData\Local\housecall.guid.cache
    [2011/06/25 02:55:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/06/25 02:55:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/06/25 02:40:29 | 000,000,544 | ---- | M] () -- C:\Windows\wininit.ini
    [2011/06/23 12:02:50 | 000,001,524 | -HS- | M] () -- C:\Users\Rukan\AppData\Local\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75
    [2011/06/23 12:02:50 | 000,001,524 | -HS- | M] () -- C:\ProgramData\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75
    [2011/06/21 16:33:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
    [2011/06/21 16:33:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2011/06/21 12:17:41 | 000,003,332 | ---- | M] () -- C:\Users\Rukan\.recently-used.xbel
    [2011/06/20 17:50:44 | 000,236,159 | ---- | M] (Karlis Blumentals) -- C:\Windows\EasyGifAnimator_Toolbar_Uninstaller_8096.exe
    [2011/06/20 15:51:43 | 253,957,301 | ---- | M] () -- C:\Users\Rukan\Documents\Disk Scan 2011-06-20_03424.scan
    [2011/06/20 15:42:34 | 000,000,248 | ---- | M] () -- C:\Users\Rukan\Documents\Application Session 2011-06-20_03411.usf
    [2011/06/20 15:42:33 | 000,054,277 | ---- | M] () -- C:\Users\Rukan\Documents\hddinfo_default.xml
    [2011/06/20 01:35:45 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2011/06/20 00:47:45 | 000,000,374 | ---- | M] () -- C:\IPH.PH
    [2011/06/20 00:40:25 | 000,001,815 | ---- | M] () -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/26 23:41:23 | 000,684,297 | ---- | C] () -- C:\Users\Rukan\Desktop\unhide.exe
    [2011/06/26 22:52:23 | 000,001,684 | ---- | C] () -- C:\Users\Rukan\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2011/06/26 22:52:17 | 000,000,860 | ---- | C] () -- C:\Users\Rukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/26 22:52:11 | 000,001,716 | ---- | C] () -- C:\Users\Rukan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2011/06/26 22:31:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/26 22:31:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/26 22:31:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/26 22:31:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/26 22:31:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/26 22:07:36 | 000,139,264 | ---- | C] () -- C:\Users\Rukan\Desktop\RKUnhookerLE.EXE
    [2011/06/26 22:07:17 | 000,000,512 | ---- | C] () -- C:\Users\Rukan\Desktop\MBR.dat
    [2011/06/26 20:14:07 | 3181,760,512 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/26 19:01:47 | 000,001,134 | ---- | C] () -- C:\Users\Rukan\Desktop\FixNCR.reg
    [2011/06/26 18:56:25 | 000,063,182 | ---- | C] () -- C:\Users\Rukan\Desktop\59Iuk.jpg
    [2011/06/26 18:28:56 | 001,007,120 | ---- | C] () -- C:\Users\Rukan\Desktop\rkill.scr
    [2011/06/26 10:10:44 | 001,309,375 | ---- | C] () -- C:\Users\Rukan\Desktop\tdsskiller.zip
    [2011/06/26 09:47:59 | 000,000,781 | ---- | C] () -- C:\Users\Rukan\Desktop\ihuhju.lnk
    [2011/06/26 00:11:01 | 068,195,944 | ---- | C] () -- C:\Users\Rukan\Desktop\4m3t2pry.exe
    [2011/06/26 00:04:57 | 042,730,616 | ---- | C] () -- C:\Users\Rukan\Desktop\4k8t247w.exe
    [2011/06/25 22:30:17 | 000,087,360 | ---- | C] () -- C:\Users\Rukan\Desktop\gmer.wmv
    [2011/06/25 22:26:45 | 000,302,592 | ---- | C] () -- C:\Users\Rukan\Desktop\uvvpb1qu.exe
    [2011/06/25 21:16:35 | 000,509,940 | ---- | C] () -- C:\Users\Rukan\Desktop\tumblr_ln0v0k4JSO1qifq5uo1_400.gif
    [2011/06/25 20:27:07 | 159,957,283 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/06/25 20:12:16 | 005,017,292 | ---- | C] () -- C:\Users\Rukan\Desktop\lucas-scott_o_GIFSoup.com.gif
    [2011/06/25 20:02:26 | 001,258,109 | ---- | C] () -- C:\Users\Rukan\Desktop\oth-1_o_GIFSoup.com.gif
    [2011/06/25 19:58:28 | 000,008,378 | ---- | C] () -- C:\Users\Rukan\Desktop\_40008136_chad_michael_murray150_wb-700950.jpeg
    [2011/06/25 12:19:36 | 000,000,079 | ---- | C] () -- C:\Windows\System32\d9f3895a-de9b-41c1-878b-920b0ad19376.12.lrf
    [2011/06/25 12:19:34 | 000,000,078 | ---- | C] () -- C:\Windows\System32\7b5764e6-6536-4fbe-8376-7b3ed3f06f3a.12.lrf
    [2011/06/25 11:35:47 | 000,000,036 | ---- | C] () -- C:\Users\Rukan\AppData\Local\housecall.guid.cache
    [2011/06/25 02:55:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2011/06/25 02:55:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2011/06/25 02:40:29 | 000,000,544 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/23 12:19:40 | 000,000,680 | ---- | C] () -- C:\Users\Rukan\AppData\Local\d3d9caps.dat
    [2011/06/23 11:44:26 | 000,001,524 | -HS- | C] () -- C:\Users\Rukan\AppData\Local\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75
    [2011/06/23 11:44:26 | 000,001,524 | -HS- | C] () -- C:\ProgramData\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75
    [2011/06/21 16:33:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
    [2011/06/21 16:33:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2011/06/21 16:33:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    [2011/06/21 12:17:41 | 000,003,332 | ---- | C] () -- C:\Users\Rukan\.recently-used.xbel
    [2011/06/21 03:02:38 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2011/06/21 03:02:38 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2011/06/21 03:02:38 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2011/06/20 16:30:16 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/20 16:30:16 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/20 15:42:34 | 253,957,301 | ---- | C] () -- C:\Users\Rukan\Documents\Disk Scan 2011-06-20_03424.scan
    [2011/06/20 15:42:32 | 000,054,277 | ---- | C] () -- C:\Users\Rukan\Documents\hddinfo_default.xml
    [2011/06/20 15:42:31 | 000,000,248 | ---- | C] () -- C:\Users\Rukan\Documents\Application Session 2011-06-20_03411.usf
    [2011/06/20 15:28:19 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/06/20 13:27:19 | 000,048,640 | ---- | C] () -- C:\Users\Rukan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/20 09:52:13 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/06/20 09:31:55 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2011/06/20 00:47:18 | 000,000,374 | ---- | C] () -- C:\IPH.PH
    [2011/06/20 00:43:16 | 000,000,951 | ---- | C] () -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/06/20 00:43:13 | 000,000,946 | ---- | C] () -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2011/06/20 00:43:04 | 000,000,917 | ---- | C] () -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2011/06/20 00:40:25 | 000,001,815 | ---- | C] () -- C:\Users\Rukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    [2009/08/23 23:36:55 | 000,031,007 | ---- | C] () -- C:\Users\Rukan\AppData\Roaming\UserTile.png
    [2009/06/06 04:17:37 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2009/06/06 04:17:37 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2009/06/06 04:17:37 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
    [2009/06/06 04:17:37 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2009/06/06 04:13:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/06/06 04:13:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/06/06 01:52:59 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
    [2009/06/06 01:52:59 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
    [2009/06/06 01:52:59 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
    [2009/06/06 01:52:59 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
    [2009/06/06 01:52:59 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
    [2009/06/06 01:52:59 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
    [2009/06/06 01:52:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
    [2009/06/06 01:52:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
    [2009/06/06 01:52:59 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
    [2009/06/06 01:52:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
    [2009/06/06 01:52:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
    [2009/06/06 01:52:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
    [2009/06/06 01:52:58 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
    [2009/06/06 01:52:58 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
    [2009/06/06 01:52:58 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
    [2009/06/06 01:52:58 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
    [2009/06/06 01:52:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
    [2009/06/06 01:52:58 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
    [2009/06/06 01:52:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009/06/06 01:52:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2009/06/06 01:52:57 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
    [2009/06/06 01:52:55 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
    [2009/06/06 01:52:55 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
    [2009/06/06 01:38:30 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2009/06/06 01:38:29 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2009/06/06 01:38:29 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2009/06/06 01:31:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/06/20 13:26:17 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\.minecraft
    [2011/06/20 00:47:52 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\acccore
    [2011/06/25 01:53:32 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\AVG10
    [2011/06/21 12:17:41 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\gtk-2.0
    [2011/06/21 10:58:05 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\Jasc
    [2011/06/20 17:35:30 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\ManyCam
    [2011/06/20 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
    [2011/06/25 12:38:37 | 000,000,000 | ---D | M] -- C:\Users\Rukan\AppData\Roaming\uTorrent
    [2011/06/26 22:29:58 | 000,013,436 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
    [2011/06/17 03:25:32 | 000,032,616 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU[1].TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/20 22:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2011/06/26 22:49:13 | 000,020,109 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/06/06 04:17:46 | 000,003,688 | R--- | M] () -- C:\dell.sdr
    [2011/06/26 22:30:40 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/25 02:55:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/06/20 00:47:45 | 000,000,374 | ---- | M] () -- C:\IPH.PH
    [2011/06/25 02:55:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/06/26 22:30:36 | 3495,567,360 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/04 23:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
    [2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
    [2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/26 00:06:12 | 042,730,616 | ---- | M] () -- C:\Users\Rukan\Desktop\4k8t247w.exe
    [2011/06/26 00:15:05 | 068,195,944 | ---- | M] () -- C:\Users\Rukan\Desktop\4m3t2pry.exe
    [2011/06/26 22:06:26 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Rukan\Desktop\aswMBR.exe
    [2011/06/26 22:18:22 | 004,126,959 | R--- | M] (Swearware) -- C:\Users\Rukan\Desktop\ComboFix.exe
    [2011/06/26 09:15:58 | 138,597,296 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Rukan\Desktop\drweb-600-win-space-x86.exe
    [2011/06/26 18:39:12 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rukan\Desktop\jilbo.exe
    [2011/06/27 00:39:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rukan\Desktop\OTL.exe
    [2011/06/26 22:07:36 | 000,139,264 | ---- | M] () -- C:\Users\Rukan\Desktop\RKUnhookerLE.EXE
    [2011/06/26 10:09:12 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rukan\Desktop\tdsskiller.exe
    [2011/06/26 23:41:24 | 000,684,297 | ---- | M] () -- C:\Users\Rukan\Desktop\unhide.exe
    [2011/06/25 22:26:49 | 000,302,592 | ---- | M] () -- C:\Users\Rukan\Desktop\uvvpb1qu.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/06/05 20:25:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\security\database\edb.chk
    [2009/06/05 20:24:37 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edb.log
    [2009/06/05 20:24:37 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edbres00001.jrs
    [2009/06/05 20:24:37 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edbres00002.jrs
    [2009/06/05 20:24:37 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edbtmp.log
    [2009/06/05 20:24:37 | 001,056,768 | ---- | M] () -- C:\WINDOWS\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/20 00:43:14 | 000,000,402 | -HS- | M] () -- C:\Users\Rukan\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/23 12:02:50 | 000,001,524 | -HS- | M] () -- C:\ProgramData\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

    < End of report >

    (second half, it didn't all fit)
     
  14. rukino

    rukino Newcomer, in training Topic Starter

    And here's Extras.txt

    OTL Extras logfile created on: 6/27/2011 12:50:26 AM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Rukan\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.77% Memory free
    6.12 Gb Paging File | 4.91 Gb Available in Paging File | 80.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 218.20 Gb Total Space | 76.15 Gb Free Space | 34.90% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 4.12 Gb Free Space | 28.14% Space Free | Partition Type: NTFS

    Computer Name: RICKSCOMP | User Name: Rukan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe ()
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2372807510-1937129841-460533832-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{239B0516-5809-4348-B73E-0A8FFC547BE2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2D96D06F-FD81-4883-83E2-000AE4E8B44A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0537C655-2AB3-4E0C-9984-014F081C683D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{12B15CA2-7D9C-4111-AA84-DF09490FAAA3}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
    "{14CD99EA-15D7-45A7-B63A-4ACE3ADA4F6B}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
    "{1B8BCAEF-5790-44AA-85A9-6E90DFA94940}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1D437C91-F4E9-4A8D-88E1-AB2DD705D1D0}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{1D80DF32-1C27-4B4E-BF7A-A4A09E9C8DAE}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{3106AEFE-BFC1-4B5D-9020-6BA15CCF8EA0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{39D33749-695E-4165-A88D-8F2AE0BF7089}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
    "{401BF0D1-8972-409A-9C7A-6C2099506FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{48310C86-1E9F-4916-87C2-66EB491B551B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{5072F73F-28B0-4CF1-8129-489F3CC0A33D}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
    "{568E180B-7D44-4828-9F3C-D7D306555E47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{644832DA-F925-4E3D-B0F0-AFFA6FEE875B}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
    "{6561CF5A-51C2-4E19-BB92-C3F61A42E5C8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{69B0286B-D83B-4679-9C84-06CB5D675B6C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{75203C7C-7D98-4886-93DF-01F00F01D31A}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
    "{7C67BD40-FD10-4346-9E66-E5C0F3525EFC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{8130920B-82F2-4F69-AB91-0BF43E50FE69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{87271AAF-3500-4867-A745-69D0A3E84FEF}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{90329586-A435-442D-9AFF-E4D366BCBAC9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{915B2358-86BB-40AA-829B-A2DB9B65FCC1}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{A9DCBB1D-A778-45FE-9925-84AFB02A712E}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{C1FAEFAF-48DF-44A7-86F1-5F56EB11886B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{C603EFC6-82E9-4422-B190-6E2086F0366C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{CA62C2C4-8799-4ED0-834D-4F5334728CBE}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{D76584D3-DB81-45E7-AF7A-50BA5761C8CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E0E38F96-A145-4104-B5C1-60C338667E3E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "TCP Query User{4747F929-7F1B-4711-8CA5-CE8CF5AC82D4}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{2886EB9A-90F9-4534-8A70-5FD0029D0D8B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Active@ UNDELETE 7 Enterprise" = Active@ UNDELETE 7 Enterprise
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AIM_7" = AIM 7
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "Easy Gif Animator Extension" = Easy Gif Animator Extension
    "Easy GIF Animator_is1" = Easy GIF Animator 5.1
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "ManyCam" = ManyCam 2.6.55 (remove only)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "SocialRibbons LP 1" = SocialRibbons LP 1
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SopCast" = SopCast 3.4.0
    "TVWiz" = Intel(R) TV Wizard
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.10
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/25/2011 3:14:42 AM | Computer Name = rickscomp | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp
    0x4db02c95, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x43e856c8, process id 0x14b0, application start time
    0x01cc330728ba8b07.

    Error - 6/25/2011 4:04:30 AM | Computer Name = rickscomp | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp
    0x4db02c95, faulting module urlmon.dll, version 7.0.6001.18639, time stamp 0x4db04689,
    exception code 0xc0000005, fault offset 0x0005ab52, process id 0x19c0, application
    start time 0x01cc330deab43b17.

    Error - 6/25/2011 11:28:32 AM | Computer Name = rickscomp | Source = WinMgmt | ID = 10
    Description =

    Error - 6/25/2011 12:17:28 PM | Computer Name = rickscomp | Source = WinMgmt | ID = 10
    Description =

    Error - 6/25/2011 12:19:20 PM | Computer Name = rickscomp | Source = EventSystem | ID = 4621
    Description =

    Error - 6/25/2011 12:20:57 PM | Computer Name = rickscomp | Source = EventSystem | ID = 4609
    Description =

    Error - 6/25/2011 12:21:51 PM | Computer Name = rickscomp | Source = WinMgmt | ID = 10
    Description =

    Error - 6/25/2011 1:10:22 PM | Computer Name = rickscomp | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp
    0x4db02c95, faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe,
    exception code 0xc0000005, fault offset 0x00065833, process id 0x4e8, application
    start time 0x01cc3357c6f44f2c.

    Error - 6/25/2011 1:46:09 PM | Computer Name = rickscomp | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp
    0x4db02c95, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727,
    exception code 0xc0000409, fault offset 0x00024aaa, process id 0x654, application
    start time 0x01cc335cc8e2bf6c.

    Error - 6/25/2011 3:24:00 PM | Computer Name = rickscomp | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp
    0x4db02c95, faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe,
    exception code 0xc0000005, fault offset 0x00065833, process id 0xd94, application
    start time 0x01cc3361d8556bfc.

    [ System Events ]
    Error - 6/21/2011 12:02:48 AM | Computer Name = rickscomp | Source = netbt | ID = 4321
    Description = The name "JK-MACBOOK :0" could not be registered on the interface
    with IP address 192.168.2.11. The computer with the IP address 192.168.2.7 did not
    allow the name to be claimed by this computer.

    Error - 6/21/2011 12:13:44 AM | Computer Name = rickscomp | Source = netbt | ID = 4321
    Description = The name "JK-MACBOOK :0" could not be registered on the interface
    with IP address 192.168.2.11. The computer with the IP address 192.168.2.7 did not
    allow the name to be claimed by this computer.

    Error - 6/21/2011 12:23:25 AM | Computer Name = rickscomp | Source = netbt | ID = 4321
    Description = The name "JK-MACBOOK :0" could not be registered on the interface
    with IP address 192.168.2.11. The computer with the IP address 192.168.2.7 did not
    allow the name to be claimed by this computer.

    Error - 6/21/2011 12:33:11 AM | Computer Name = rickscomp | Source = netbt | ID = 4321
    Description = The name "JK-MACBOOK :0" could not be registered on the interface
    with IP address 192.168.2.11. The computer with the IP address 192.168.2.7 did not
    allow the name to be claimed by this computer.

    Error - 6/21/2011 12:42:51 AM | Computer Name = rickscomp | Source = netbt | ID = 4321
    Description = The name "JK-MACBOOK :0" could not be registered on the interface
    with IP address 192.168.2.11. The computer with the IP address 192.168.2.7 did not
    allow the name to be claimed by this computer.

    Error - 6/21/2011 3:21:35 AM | Computer Name = rickscomp | Source = DCOM | ID = 10005
    Description =

    Error - 6/21/2011 3:21:35 AM | Computer Name = rickscomp | Source = Service Control Manager | ID = 7009
    Description =

    Error - 6/21/2011 3:21:36 AM | Computer Name = rickscomp | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/21/2011 3:21:36 AM | Computer Name = rickscomp | Source = Service Control Manager | ID = 7009
    Description =

    Error - 6/21/2011 3:21:36 AM | Computer Name = rickscomp | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    What happened to Dr.Web AV program?

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      [2011/06/25 11:37:28 | 000,000,000 | ---D | C] -- C:\$AVG
      [2011/06/25 01:53:31 | 000,000,000 | ---D | C] -- C:\Users\Rukan\AppData\Roaming\AVG10
      [2011/06/25 01:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
      [2011/06/25 01:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2011/06/20 13:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
      [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
      [2011/06/23 12:02:50 | 000,001,524 | -HS- | M] () -- C:\Users\Rukan\AppData\Local\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75
      [2011/06/23 12:02:50 | 000,001,524 | -HS- | M] () -- C:\ProgramData\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  16. rukino

    rukino Newcomer, in training Topic Starter

    Okay, done. And the Dr. Web AV was just the 30 day trial, and before running Combofix I uninstalled it because even after disabling it the program told me it was still running, but I plan on installing Avast or something after we're done unless you'd recommend something else.

    No threats in ESET.
  17. rukino

    rukino Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    C:\$AVG\$VAULT folder moved successfully.
    C:\$AVG folder moved successfully.
    C:\Users\Rukan\AppData\Roaming\AVG10\cfgall folder moved successfully.
    C:\Users\Rukan\AppData\Roaming\AVG10 folder moved successfully.
    C:\ProgramData\AVG10\scanlogs folder moved successfully.
    C:\ProgramData\AVG10\log\IDP\log folder moved successfully.
    C:\ProgramData\AVG10\log\IDP folder moved successfully.
    C:\ProgramData\AVG10\log folder moved successfully.
    C:\ProgramData\AVG10\cfgall folder moved successfully.
    C:\ProgramData\AVG10\Cfg folder moved successfully.
    C:\ProgramData\AVG10 folder moved successfully.
    C:\Program Files\AVG\AVG10\Notification folder moved successfully.
    C:\Program Files\AVG\AVG10 folder moved successfully.
    C:\Program Files\AVG folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\Setup folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\flash\ammap\maps folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\flash\ammap\icons folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\flash\ammap folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\flash folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\defs\11061800 folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\defs\11061701 folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\defs folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\1033 folder moved successfully.
    C:\Program Files\Alwil Software\Avast5 folder moved successfully.
    C:\Program Files\Alwil Software folder moved successfully.
    C:\Windows\System32\ConduitEngine.tmp deleted successfully.
    C:\Users\Rukan\AppData\Local\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75 moved successfully.
    C:\ProgramData\v34614kokdn87ld5p5m0sj75hs41572n7x508nstf75 moved successfully.
    ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rukan
    ->Temp folder emptied: 38840 bytes
    ->Temporary Internet Files folder emptied: 396480 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 48847577 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 11862 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 88 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 48.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Public

    User: Rukan
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.24.1 log created on 06272011_014340

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  18. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Do it now.

    I still need Security Check log.
  19. rukino

    rukino Newcomer, in training Topic Starter

    Installing now.

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 1 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.3.181.26
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  20. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current (including Service Pack 2 installation and updating IE to version 9!!!)

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
  21. rukino

    rukino Newcomer, in training Topic Starter

    Something weird just happened after OTL.

    When it was turning back on, a window popped up saying "An Unauthorized Change Has been Made" or something, and said it'd effect Windows functionality?

    And it opened a tab entitled "Genuine Microsoft Software" and on that page it says

    Windows validation in process
    This may take a few minutes, do not navigate away from this page.
  22. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Then don't.
  23. rukino

    rukino Newcomer, in training Topic Starter

    Well, yeah, but periodically it logs me off and it's just hanging on that page and nothing is happening.

    Error: 0xC004D401
    Description: The security processor reported a system file mismatch error.

    But, after a couple reboots it's gone.

    Here's the last OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rukan
    ->Temp folder emptied: 31990 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 19811287 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 331209656 bytes

    Total Files Cleaned = 335.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Public

    User: Rukan
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.24.1 log created on 06272011_174800

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    I've downloaded Foxit, and I'm following the rest of your directions. Thank you very much for your help and patience. It's really appreciated. I think my computer should be 100% back to normal now!
  24. Broni

    Broni Malware Annihilator Posts: 45,184   +242

    Way to go!! [​IMG]
    Good luck and stay safe :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.