TechSpot

Hijacked browser, ie script errors, unwanted audio - help

Solved
By Tony R
Apr 20, 2011
Topic Status:
Not open for further replies.
  1. I have just completed the 8 step process (as far as I can go by myself). Problems with a hijacked browser, which wiped out my Bing toolbars and toolbar access to my favorites. Script errors on Internet Explorer (while connected or not), and commercials and sound in the background (connected or not).

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 6407

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/20/2011 9:28:31 AM
    mbam-log-2011-04-20 (09-28-31).txt

    Scan type: Quick scan
    Objects scanned: 171679
    Time elapsed: 4 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-20 11:55:57
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD4000AAKS-00YGA0 rev.12.01C02
    Running: ei9dvczi.exe; Driver: C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\uwlcquob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    INITc VolSnap.sys BA0F3BD0 4 Bytes [80, A5, 53, 80]
    INITc VolSnap.sys BA0F3BF8 4 Bytes [B8, A1, 4F, 80]
    INITc VolSnap.sys BA0F3C20 4 Bytes [B6, AE, 4F, 80]
    INITc VolSnap.sys BA0F3C48 4 Bytes [30, FF, 4F, 80]
    INITc VolSnap.sys BA0F3C70 4 Bytes [7A, A8, 4F, 80]
    INITc ...
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BF2380, 0x2FF527, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Real\RealPlayer\update\realsched.exe[608] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\WINDOWS\Explorer.EXE[900] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00BC18D5
    .text C:\WINDOWS\Explorer.EXE[900] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00BC1A9D
    .text C:\WINDOWS\system32\SearchIndexer.exe[2484] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[2852] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:120] 8A6CEE84
    Thread System [4:124] 8A6D1084

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Tony R at 12:50:07.87 on Wed 04/20/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.950 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: My Security Shield *Enabled/Updated* {C8F8DBCE-255A-4F85-BA5B-3C8520887D60}
    FW: My Security Shield *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\srvany.exe
    C:\WINDOWS\system32\hpzipm12.exe
    C:\pvsw\bin\w3dbsmgr.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Wireless-N PCI Adapter\WLService.exe
    C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~2\STATUS~1.EXE
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Java\jre6\bin\javaws.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Documents and Settings\Tony R\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.msn.com
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
    mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [WinSys2] c:\windows\system32\winsys2.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [jswtrayutil] "c:\program files\netgear\wn111v2\jswtrayutil.exe"
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283189514859
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200096966421
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5815/mcfscan.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    IFEO: image file execution options - svchost.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl7d52e461;MpKsl7d52e461;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{babe2718-a346-4dfb-92f4-6f0c8bf99590}\mpksl7d52e461.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{babe2718-a346-4dfb-92f4-6f0c8bf99590}\MpKsl7d52e461.sys [?]
    R1 MpKsldcea2621;MpKsldcea2621;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{757ff3ef-a094-4d7c-84f3-6e2a719fb0d6}\MpKsldcea2621.sys [2011-4-20 28752]
    R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2008-1-11 8192]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R2 WMP300NSvc;WMP300NSvc;c:\program files\wireless-n pci adapter\WLService.exe [2009-9-22 53307]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
    R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2009-9-22 9344]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
    S1 gaennekt;gaennekt;\??\c:\windows\system32\drivers\gaennekt.sys --> c:\windows\system32\drivers\gaennekt.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2011-04-20 19:19:26 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2011-04-20 19:17:02 388096 ----a-r- c:\docume~1\tonyr~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-04-20 19:05:24 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{757ff3ef-a094-4d7c-84f3-6e2a719fb0d6}\MpKsldcea2621.sys
    2011-04-20 19:05:15 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{757ff3ef-a094-4d7c-84f3-6e2a719fb0d6}\mpengine.dll
    2011-04-16 18:59:11 -------- d-----w- c:\docume~1\tonyr~1\locals~1\applic~1\Western_Digital
    2011-04-16 18:58:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
    2011-04-15 16:11:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-01 06:48:33 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-04-01 06:47:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-01 06:45:38 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-01 06:21:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-04-01 06:21:55 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-01 06:20:57 -------- d-----w- C:\_265984_
    2011-04-01 06:20:47 -------- d-----w- c:\program files\common files\xing shared
    2011-04-01 05:54:15 -------- d-----w- c:\docume~1\tonyr~1\applic~1\Uniblue
    2011-04-01 05:52:33 -------- d-----w- c:\program files\common files\AnswerWorks 4.0
    2011-04-01 05:52:21 -------- d-----w- c:\program files\MSN Toolbar
    2011-04-01 05:52:21 -------- d-----w- c:\program files\Bing Bar Installer
    2011-04-01 05:46:17 -------- d-----w- c:\program files\common files\HP
    2011-03-31 17:54:50 -------- d-----w- c:\program files\common files\HP(2)
    2011-03-31 17:45:54 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
    2011-03-31 17:25:09 73728 ----a-w- c:\windows\system32\hppcappm.dll
    2011-03-31 17:25:09 392192 ----a-w- c:\windows\system32\ltkrn11n.dll
    2011-03-31 17:25:09 118784 ----a-w- c:\windows\system32\ltfil11n.DLL
    2011-03-31 16:57:03 -------- d-----w- C:\Color LaserJet 2840 SKINS Error Fix
    2011-03-30 15:32:16 -------- d-----w- c:\docume~1\tonyr~1\applic~1\DriverCure
    2011-03-30 15:32:15 -------- d-----w- c:\docume~1\tonyr~1\applic~1\ParetoLogic
    2011-03-30 14:34:06 -------- d-----w- c:\program files\Trend Micro
    2011-03-29 16:11:27 -------- d-----w- c:\docume~1\tonyr~1\locals~1\applic~1\Microsoft Corporation
    2011-03-29 16:11:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-03-29 14:49:46 -------- d-----w- c:\windows\MATS
    2011-03-29 14:49:44 -------- d-----w- c:\program files\Microsoft Fix it Center
    2011-03-24 18:14:58 -------- d-----w- c:\docume~1\tonyr~1\applic~1\Registry Mechanic
    2011-03-24 18:12:03 -------- d-----w- c:\program files\Xippit
    2011-03-24 18:00:50 -------- d-----w- c:\program files\RegServe
    2011-03-24 16:41:27 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcE.tmp
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 8462336 ----a-w- c:\windows\system32\shell32(2)(2).dll
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 12:50:19.26 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/10/2008 11:25:10 AM
    System Uptime: 4/20/2011 9:17:29 AM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2399/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 373 GiB total, 284.675 GiB free.
    D: is CDROM (CDFS)
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&10B48CE1&0&01
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&10B48CE1&0&01
    Service: NVENETFD
    .
    ==== System Restore Points ===================
    .
    RP555: 1/20/2011 11:05:24 AM - System Checkpoint
    RP556: 1/21/2011 11:11:38 AM - System Checkpoint
    RP557: 1/22/2011 3:00:14 AM - Software Distribution Service 3.0
    RP558: 1/23/2011 3:11:38 AM - System Checkpoint
    RP559: 1/23/2011 11:16:18 AM - Removed Microsoft Visual C++ 2005 Redistributable
    RP560: 1/23/2011 11:16:44 AM - Installed Microsoft Visual C++ 2005 Redistributable
    RP561: 1/24/2011 12:11:35 PM - System Checkpoint
    RP562: 1/25/2011 2:29:52 PM - System Checkpoint
    RP563: 1/26/2011 3:31:42 PM - System Checkpoint
    RP564: 1/27/2011 4:11:36 PM - System Checkpoint
    RP565: 1/28/2011 5:11:36 PM - System Checkpoint
    RP566: 1/29/2011 6:11:36 PM - System Checkpoint
    RP567: 1/30/2011 6:34:33 PM - System Checkpoint
    RP568: 1/31/2011 7:11:36 PM - System Checkpoint
    RP569: 2/1/2011 8:11:36 PM - System Checkpoint
    RP570: 2/2/2011 9:11:36 PM - System Checkpoint
    RP571: 2/3/2011 10:11:36 PM - System Checkpoint
    RP572: 2/4/2011 11:11:36 PM - System Checkpoint
    RP573: 2/6/2011 12:25:51 AM - System Checkpoint
    RP574: 2/7/2011 1:11:28 AM - System Checkpoint
    RP575: 2/8/2011 2:11:56 AM - System Checkpoint
    RP576: 2/9/2011 3:11:27 AM - System Checkpoint
    RP577: 2/10/2011 3:00:15 AM - Software Distribution Service 3.0
    RP578: 2/11/2011 3:25:04 AM - System Checkpoint
    RP579: 2/12/2011 4:25:04 AM - System Checkpoint
    RP580: 2/13/2011 5:25:04 AM - System Checkpoint
    RP581: 2/14/2011 6:24:59 AM - System Checkpoint
    RP582: 2/15/2011 6:28:07 AM - System Checkpoint
    RP583: 2/16/2011 7:39:23 AM - Restore Operation
    RP584: 2/17/2011 3:00:21 AM - Software Distribution Service 3.0
    RP585: 2/17/2011 12:01:38 PM - Installed Home Designer Pro 10 Trial Version
    RP586: 2/18/2011 12:38:38 PM - System Checkpoint
    RP587: 2/19/2011 12:43:27 PM - System Checkpoint
    RP588: 2/20/2011 1:43:21 PM - System Checkpoint
    RP589: 2/21/2011 2:11:52 PM - System Checkpoint
    RP590: 2/22/2011 2:43:21 PM - System Checkpoint
    RP591: 2/23/2011 3:43:21 PM - System Checkpoint
    RP592: 2/24/2011 4:43:16 PM - System Checkpoint
    RP593: 2/25/2011 4:54:56 PM - System Checkpoint
    RP594: 2/26/2011 5:41:25 PM - System Checkpoint
    RP595: 2/27/2011 3:43:35 PM - Installed TurboTax 2010 wrapper
    RP596: 2/27/2011 3:49:32 PM - Installed TurboTax 2010 waziper
    RP597: 2/28/2011 9:13:45 PM - System Checkpoint
    RP598: 3/1/2011 9:43:16 PM - System Checkpoint
    RP599: 3/2/2011 10:46:55 PM - System Checkpoint
    RP600: 3/3/2011 11:42:59 PM - System Checkpoint
    RP601: 3/5/2011 12:50:44 AM - System Checkpoint
    RP602: 3/6/2011 1:43:00 AM - System Checkpoint
    RP603: 3/7/2011 2:42:59 AM - System Checkpoint
    RP604: 3/8/2011 3:40:59 AM - System Checkpoint
    RP605: 3/9/2011 3:00:14 AM - Software Distribution Service 3.0
    RP606: 3/10/2011 3:43:02 AM - System Checkpoint
    RP607: 3/11/2011 3:00:14 AM - Software Distribution Service 3.0
    RP608: 3/12/2011 3:21:58 AM - System Checkpoint
    RP609: 3/13/2011 4:21:58 AM - System Checkpoint
    RP610: 3/14/2011 5:21:58 AM - System Checkpoint
    RP611: 3/14/2011 12:01:06 PM - Restore Operation
    RP612: 3/14/2011 12:18:49 PM - Software Distribution Service 3.0
    RP613: 3/15/2011 1:18:36 PM - System Checkpoint
    RP614: 3/16/2011 3:03:27 PM - System Checkpoint
    RP615: 3/17/2011 3:18:40 PM - System Checkpoint
    RP616: 3/18/2011 4:18:40 PM - System Checkpoint
    RP617: 3/19/2011 5:33:03 PM - System Checkpoint
    RP618: 3/20/2011 6:18:40 PM - System Checkpoint
    RP619: 3/21/2011 7:59:39 PM - System Checkpoint
    RP620: 3/22/2011 8:53:12 PM - System Checkpoint
    RP621: 3/23/2011 10:04:55 PM - Restore Operation
    RP622: 3/23/2011 10:11:15 PM - Software Distribution Service 3.0
    RP623: 3/24/2011 9:44:42 AM - Installed DirectX
    RP624: 3/24/2011 10:28:43 AM - Installed Microsoft Fix it 50393
    RP625: 3/24/2011 11:14:32 AM - RegServe restore point
    RP626: 3/25/2011 7:12:40 AM - RegServe restore point
    RP627: 3/25/2011 6:53:01 PM - Software Distribution Service 3.0
    RP628: 3/25/2011 11:41:09 PM - Cleaned registry with Windows Live OneCare safety scanner
    RP629: 3/25/2011 11:51:35 PM - Installed Bing Bar
    RP630: 3/26/2011 12:22:54 AM - Software Distribution Service 3.0
    RP631: 3/27/2011 12:23:20 AM - Software Distribution Service 3.0
    RP632: 3/28/2011 12:23:28 AM - Software Distribution Service 3.0
    RP633: 3/28/2011 9:03:56 AM - Removed Bing Bar
    RP634: 3/28/2011 9:17:55 AM - Installed Bing Bar
    RP635: 3/28/2011 9:22:47 AM - Removed Bing Bar
    RP636: 3/29/2011 12:23:22 AM - Software Distribution Service 3.0
    RP637: 3/29/2011 7:49:10 AM - Installed %1 %2.
    RP638: 3/29/2011 8:50:46 AM - Software Distribution Service 3.0
    RP639: 3/29/2011 9:11:05 AM - Installed Windows 7 Upgrade Advisor
    RP640: 3/29/2011 10:47:39 PM - RegServe restore point
    RP641: 3/30/2011 12:23:43 AM - Software Distribution Service 3.0
    RP642: 3/30/2011 7:34:05 AM - Installed HiJackThis
    RP643: 3/31/2011 12:23:07 AM - Software Distribution Service 3.0
    RP644: 3/31/2011 10:46:54 AM - Removed HP Software Update
    RP645: 3/31/2011 10:52:35 AM - Printer Driver HP CLJ2840 PCL 6 - Black_White Installed
    RP646: 3/31/2011 10:53:58 AM - Printer Driver HP Color LaserJet 2830_2840 Fax Installed
    RP647: 3/31/2011 10:43:19 PM - Restore Operation
    RP648: 3/31/2011 11:47:23 PM - Software Distribution Service 3.0
    RP649: 4/1/2011 3:00:57 AM - Software Distribution Service 3.0
    RP650: 4/1/2011 5:43:03 AM - Software Distribution Service 3.0
    RP651: 4/2/2011 3:00:14 AM - Software Distribution Service 3.0
    RP652: 4/2/2011 5:51:14 AM - Software Distribution Service 3.0
    RP653: 4/3/2011 2:22:46 AM - Software Distribution Service 3.0
    RP654: 4/3/2011 3:00:14 AM - Software Distribution Service 3.0
    RP655: 4/4/2011 3:00:14 AM - Software Distribution Service 3.0
    RP656: 4/4/2011 5:50:57 AM - Software Distribution Service 3.0
    RP657: 4/5/2011 3:00:14 AM - Software Distribution Service 3.0
    RP658: 4/5/2011 5:50:54 AM - Software Distribution Service 3.0
    RP659: 4/6/2011 3:00:14 AM - Software Distribution Service 3.0
    RP660: 4/6/2011 5:50:59 AM - Software Distribution Service 3.0
    RP661: 4/7/2011 3:00:14 AM - Software Distribution Service 3.0
    RP662: 4/7/2011 5:51:15 AM - Software Distribution Service 3.0
    RP663: 4/8/2011 3:00:14 AM - Software Distribution Service 3.0
    RP664: 4/8/2011 5:51:01 AM - Software Distribution Service 3.0
    RP665: 4/9/2011 3:00:14 AM - Software Distribution Service 3.0
    RP666: 4/9/2011 5:51:09 AM - Software Distribution Service 3.0
    RP667: 4/10/2011 2:22:32 AM - Software Distribution Service 3.0
    RP668: 4/10/2011 3:00:14 AM - Software Distribution Service 3.0
    RP669: 4/11/2011 3:00:14 AM - Software Distribution Service 3.0
    RP670: 4/11/2011 5:51:01 AM - Software Distribution Service 3.0
    RP671: 4/12/2011 3:00:14 AM - Software Distribution Service 3.0
    RP672: 4/12/2011 5:51:05 AM - Software Distribution Service 3.0
    RP673: 4/13/2011 3:00:14 AM - Software Distribution Service 3.0
    RP674: 4/13/2011 5:51:19 AM - Software Distribution Service 3.0
    RP675: 4/14/2011 5:50:56 AM - Software Distribution Service 3.0
    RP676: 4/15/2011 3:02:00 AM - Software Distribution Service 3.0
    RP677: 4/15/2011 8:00:24 AM - Software Distribution Service 3.0
    RP678: 4/15/2011 9:10:57 AM - Installed Java(TM) 6 Update 24
    RP679: 4/16/2011 3:00:14 AM - Software Distribution Service 3.0
    RP680: 4/16/2011 7:46:54 AM - Installed TurboTax 2010 wrapper
    RP681: 4/16/2011 7:54:40 AM - Software Distribution Service 3.0
    RP682: 4/16/2011 8:04:41 AM - Installed TurboTax 2010 waziper
    RP683: 4/16/2011 8:54:46 AM - Installed TurboTax 2010 wrapper
    RP684: 4/16/2011 9:00:37 AM - Installed TurboTax 2010 waziper
    RP685: 4/16/2011 2:15:04 PM - Installed TurboTax 2010 wrapper
    RP686: 4/17/2011 2:03:29 AM - Software Distribution Service 3.0
    RP687: 4/17/2011 3:00:13 AM - Software Distribution Service 3.0
    RP688: 4/17/2011 12:17:56 PM - Software Distribution Service 3.0
    RP689: 4/18/2011 3:00:17 AM - Software Distribution Service 3.0
    RP690: 4/18/2011 12:17:31 PM - Software Distribution Service 3.0
    RP691: 4/19/2011 3:00:14 AM - Software Distribution Service 3.0
    RP692: 4/19/2011 12:17:35 PM - Software Distribution Service 3.0
    RP693: 4/20/2011 3:00:14 AM - Software Distribution Service 3.0
    RP694: 4/20/2011 9:11:43 AM - Software Distribution Service 3.0
    RP695: 4/20/2011 12:17:01 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.3
    AirPlus XtremeG
    ANIO Service
    ANIWZCS2 Service
    Belarc Advisor 8.1
    Bing Bar
    Bing Bar Platform
    Broadcom 802.11 Network Adapter
    BufferChm
    CP_PLSBusinessFlyers
    CreativeProjects
    Destinations
    Director
    DocProc
    DocumentViewer
    GoGear VIBE Device Manager
    Google Chrome
    Google Earth
    Google Update Helper
    GoToMeeting 4.5.0.456
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Color LaserJet 2820/2830/2840 2.0
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Software Update
    hpp2800usg
    hppCLJ2800
    hppDustDevil
    hppFaxDrv
    hppFonts
    hppIOFiles
    hppManuals2800
    hppscan2800
    hppScanTo
    hppSendFax
    hppTooCool
    HPSystemDiagnostics
    InstantShare
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 24
    JMB36X Raid Configurer
    Junk Mail filter update
    LightScribe System Software 1.10.27.1
    LightScribeTemplateLabeler
    Linksys Wireless-N PCI Adapter
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Media Converter for Philips
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft IntelliPoint 6.1
    Microsoft IntelliType Pro 6.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Personal Folders Backup
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Move Media Player
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Peachtree Accounting 2007
    Peachtree Complete Accounting 2007
    PeachTree Signature Ready Forms
    Pervasive Software PSQL v9.1 Client
    Pervasive System Analyzer v9.1
    PhotoGallery
    QFolder
    Quicken 2007
    RangeMax Wireless-N USB Adapter WN111v2
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rhapsody
    Sage Software Integration Services
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SkinsHP1
    Sonic UDF Reader
    Sony Picture Utility
    Sony USB Driver
    Sony Vegas Movie Studio Platinum 8.0
    System Tool2011
    TrayApp
    TurboTax 2009
    TurboTax 2009 waziper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 waziper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WD SmartWare
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WN111v2
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/14/2011 9:54:55 AM, error: DCOM [10009] - DCOM was unable to communicate with the computer TONY using any of the configured protocols.
    .
    ==== End Of File ===========================


    Sorry, I don't know how to zip it.

    Thanks, Tony R

    Oops, I may have posted in the wrong forum.
  2. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
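The MBRCheck report requested above is a plain-text dump; its layout is visible in the log Tony R posts later in this thread (a "Kernel Drivers" list of load addresses and paths, then a "Size Device Name MBR Status" block with a SHA1 of the boot code). As an added example, not code from this thread, from MBRCheck or from TechSpot, here is a small Python parser that pulls out the two things a helper looks at first when such a log is posted: the MBR status line with its SHA1, and which kernel drivers are loaded from outside the Windows directory or from a user profile. The sample report is constructed from a few lines of the posted log, and the function and variable names are my own.

```python
import re

# Constructed sample in the layout of the MBRCheck report posted in this thread:
# a handful of the "Kernel Drivers" lines plus the MBR status block.
SAMPLE_REPORT = r"""MBRCheck, version 1.2.3

Kernel Drivers (total 8):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xB9F79000 ACPI.sys
0xB0041000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BABE2718-A346-4DFB-92F4-6F0C8BF99590}\MpKsl7d52e461.sys
0xB0089000 \??\C:\WINDOWS\system32\ANIO.SYS
0xAE218000 \??\C:\PROGRA~1\WIRELE~1\GTNDIS5.SYS
0xAB728000 \??\C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\uwlcquob.sys
0xB567E000 \??\C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 1):
4 System

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
"""

DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(.+)$")
MBR_RE = re.compile(r"^(\d+)\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")

# Directory fragments that place a driver inside a user profile. The scanners
# used in this thread (GMER, MBRCheck) load their own helper drivers from Temp,
# so a hit here means "review", not "malicious".
PROFILE_FRAGMENTS = ("\\docume~1\\", "\\documents and settings\\", "\\users\\")


def parse_report(text):
    """Return (drivers, mbr): drivers as (base_address, path) tuples, mbr as a dict."""
    drivers, mbr, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Kernel Drivers"):
            section = "drivers"
            continue
        if line.startswith("Processes"):
            section = "processes"
            continue
        if section == "drivers" and (m := DRIVER_RE.match(line)):
            drivers.append((int(m.group(1), 16), m.group(2)))
        elif m := MBR_RE.match(line):
            mbr = {"size_gb": int(m.group(1)), "device": m.group(2), "status": m.group(3)}
        elif mbr and (m := SHA1_RE.match(line)):
            mbr["sha1"] = m.group(1).upper()
    return drivers, mbr


def _drive_relative(path):
    """Return the part after the drive letter for an NT-style full path, else None."""
    low = path.lower().lstrip("\\?")          # drops the leading '\??\' prefix
    m = re.match(r"^[a-z]:\\(.*)$", low)
    return m.group(1) if m else None


def is_outside_systemroot(path):
    """True when a driver is loaded from a full drive path that is not under the
    Windows directory. Bare names (ACPI.sys) and SystemRoot-relative entries are
    treated as system-located."""
    rel = _drive_relative(path)
    return rel is not None and not rel.startswith("windows\\")


def is_in_user_profile(path):
    """True when the driver lives under a user-profile directory (including Temp)."""
    return any(frag in path.lower() for frag in PROFILE_FRAGMENTS)


def triage(text):
    """Summarise what a helper checks first in a posted MBRCheck log."""
    drivers, mbr = parse_report(text)
    return {
        "driver_count": len(drivers),
        "mbr": mbr,
        "outside_systemroot": [p for _, p in drivers if is_outside_systemroot(p)],
        "in_user_profile": [p for _, p in drivers if is_in_user_profile(p)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("MBR:", result["mbr"].get("status"), result["mbr"].get("sha1"))
    for p in result["outside_systemroot"]:
        print("review (%s): %s" % ("user profile" if is_in_user_profile(p) else "other", p))
```

The flagged list is a review queue, not a verdict: in this thread the two Temp entries belong to the scanners themselves (GMER's randomly named driver and MBRCheck's mbr.sys), and the Application Data entry is the Microsoft Security Essentials definition driver, so a helper reading the log checks each flagged path against the tools that were just run before treating it as suspicious. For the boot sector, the status text and the SHA1 are what MBRCheck reports, and the hash is what gets compared against the clean MBR code for the same Windows version.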
  3. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    MBR and Combofix logs

    Hi Broni. Thanks for your quick response. I had to go to safe mode to run ComboFix.
    The first run blue-screened on me. Then CHKDSK took over and repaired several things. The second run of ComboFix in safe mode went OK, except that the recovery module was not accessible on the internet in safe mode.

    Here are the items you requested.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 161):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 ohci1394.sys
    0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0D8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0E8000 VolSnap.sys
    0xB9F0B000 atapi.sys
    0xBA0F8000 jraid.sys
    0xB9EF3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xBA108000 disk.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9ED3000 fltmgr.sys
    0xB9EC1000 sr.sys
    0xB9EAB000 DRVMCDB.SYS
    0xBA128000 PxHelp20.sys
    0xB9E94000 KSecDD.sys
    0xB9E07000 Ntfs.sys
    0xB9DDA000 NDIS.sys
    0xB9DC0000 Mup.sys
    0xBA5AE000 JGOGO.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8BF2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB8BDE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA438000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB9D58000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB8BCA000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA440000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB8BA6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA448000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA5EE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xBA1E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8B83000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8AFE000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB8AD6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB9D54000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB8A8B000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xB8A54000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    0xBA5F0000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\jswscimd.sys
    0xBA6F9000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9A60000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8A3D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA450000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8A2C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA458000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB89FC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5F2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB899E000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9A48000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\wsimd.sys
    0xBA288000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA430000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB51D9000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB51B5000 \SystemRoot\system32\drivers\portcls.sys
    0xBA178000 \SystemRoot\system32\drivers\drmk.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA614000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB5166000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA61A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA765000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA61C000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB56A6000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xB569E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB5696000 \SystemRoot\System32\drivers\vga.sys
    0xBA61E000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA620000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB568E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB5686000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB518D000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAEFC6000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAEF6D000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAEF47000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xAEF1F000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB3045000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB7936000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xAEEFD000 \SystemRoot\System32\drivers\afd.sys
    0xB3035000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB2F15000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAEED2000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAEE62000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB0041000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BABE2718-A346-4DFB-92F4-6F0C8BF99590}\MpKsl7d52e461.sys
    0xAEDF3000 \SystemRoot\system32\DRIVERS\WN111v2.sys
    0xB7742000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB48BB000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB76F2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA410000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xB48B7000 \SystemRoot\system32\drivers\hpplsbulk.sys
    0xBA418000 \SystemRoot\system32\drivers\HPPLSGEN.SYS
    0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA57C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA3B8000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xAED50000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xBA580000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\point32.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xBA2A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBA590000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
    0xBA594000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xAED38000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA626000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB792E000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3F8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA758000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBF580000 \SystemRoot\System32\ATMFD.DLL
    0xB3601000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA7A6000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xAEA82000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xAEB08000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xBA5C2000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xB0079000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xAEA6A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xAEA54000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xAEAAC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAE8BF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA616000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB0089000 \??\C:\WINDOWS\system32\ANIO.SYS
    0xAE7C7000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA3A0000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xAE31C000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xAE1EF000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAE27C000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAE218000 \??\C:\PROGRA~1\WIRELE~1\GTNDIS5.SYS
    0xAD73F000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAD567000 \??\C:\WINDOWS\system32\DNINDIS5.SYS
    0xABD2C000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xAB728000 \??\C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\uwlcquob.sys
    0xB567E000 \??\C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\mbr.sys
    0xAFD86000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xAB216000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xBA3B0000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EB38BE5-C8B3-4470-9095-07B8C4836470}\MpKsl18d14d28.sys
    0xAB0E8000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    516 C:\WINDOWS\system32\smss.exe
    1164 csrss.exe
    1188 C:\WINDOWS\system32\winlogon.exe
    1232 C:\WINDOWS\system32\services.exe
    1248 C:\WINDOWS\system32\lsass.exe
    1448 C:\WINDOWS\system32\svchost.exe
    1496 svchost.exe
    1536 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1572 C:\WINDOWS\system32\svchost.exe
    1688 svchost.exe
    1724 svchost.exe
    1952 C:\WINDOWS\system32\WLTRYSVC.EXE
    1964 C:\WINDOWS\system32\BCMWLTRY.EXE
    204 C:\WINDOWS\system32\spoolsv.exe
    292 C:\WINDOWS\system32\acs.exe
    432 svchost.exe
    504 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    776 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    960 C:\Program Files\Java\jre6\bin\jqs.exe
    984 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1024 C:\WINDOWS\system32\nvsvc32.exe
    1040 C:\WINDOWS\system32\srvany.exe
    1052 C:\WINDOWS\system32\HPZipm12.exe
    1060 C:\pvsw\bin\w3dbsmgr.exe
    1096 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1252 C:\WINDOWS\system32\svchost.exe
    1700 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2348 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2408 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2444 C:\Program Files\Wireless-N PCI Adapter\WLService.exe
    2476 C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
    2484 C:\WINDOWS\system32\searchindexer.exe
    3468 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3744 alg.exe
    900 C:\WINDOWS\explorer.exe
    3344 C:\WINDOWS\system32\rundll32.exe
    3404 C:\WINDOWS\RTHDCPL.EXE
    3500 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    3508 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3516 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3556 C:\WINDOWS\system32\WLTRAY.EXE
    3600 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3676 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    3784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4048 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    4084 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
    2944 C:\Program Files\Microsoft Security Client\msseces.exe
    1080 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    2432 C:\WINDOWS\system32\ctfmon.exe
    2776 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2624 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3428 C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    2704 C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
    2816 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    3324 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    3460 C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~2\STATUS~1.EXE
    3736 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    5188 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    9096 C:\Program Files\Real\RealPlayer\Update\realsched.exe
    10124 C:\Program Files\Internet Explorer\iexplore.exe
    10236 C:\Program Files\Internet Explorer\iexplore.exe
    4016 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    5600 C:\WINDOWS\system32\searchprotocolhost.exe
    1996 searchfilterhost.exe
    3996 C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD4000AAKS-00YGA0, Rev: 12.01C02

    Size Device Name MBR Status
    --------------------------------------------
    372 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    ComboFix 11-04-20.04 - Tony R 04/21/2011 10:44:02.1.4 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1649 [GMT -7:00]
    Running from: c:\documents and settings\Tony R\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\cHkFk06300
    c:\documents and settings\All Users\Application Data\cHkFk06300\cHkFk06300
    c:\documents and settings\All Users\Application Data\cHkFk06300\cHkFk06300.exe
    c:\documents and settings\All Users\Start Menu\Programs\Linksys Wireless-N PCI Adapter
    c:\documents and settings\All Users\Start Menu\Programs\Linksys Wireless-N PCI Adapter \Uninstall.lnk
    c:\documents and settings\Tony R\Recent\delfile.exe
    c:\documents and settings\Tony R\Recent\FW.drv
    c:\documents and settings\Tony R\Recent\gid.dll
    c:\documents and settings\Tony R\Recent\PE.exe
    c:\documents and settings\Tony R\Recent\PE.sys
    c:\documents and settings\Tony R\Recent\ppal.exe
    c:\documents and settings\Tony R\Recent\runddl.sys
    c:\documents and settings\Tony R\Recent\SM.drv
    c:\documents and settings\Tony R\Recent\SM.exe
    c:\documents and settings\Tony R\Recent\std.dll
    c:\documents and settings\Tony R\Recent\tempdoc.drv
    c:\documents and settings\Tony R\Recent\tjd.sys
    c:\documents and settings\Tony R\Start Menu\Programs\System Tool
    c:\documents and settings\Tony R\Start Menu\Programs\System Tool\System Tool 2011.lnk
    c:\documents and settings\Tony R\WINDOWS
    c:\program files\Shared
    c:\program files\Shared\shared.sig
    c:\windows\system32\SysInfo.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-21 16:24 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EB38BE5-C8B3-4470-9095-07B8C4836470}\mpengine.dll
    2011-04-21 10:00 . 2011-04-21 10:00 -------- d-----w- c:\windows\LastGood.Tmp
    2011-04-20 19:19 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2011-04-20 19:17 . 2011-04-20 19:17 388096 ----a-r- c:\documents and settings\Tony R\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-16 18:59 . 2011-04-16 18:59 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Western_Digital
    2011-04-16 18:58 . 2011-04-16 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
    2011-04-16 18:58 . 2011-04-16 18:58 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-04-15 16:11 . 2011-04-15 16:11 -------- d-----w- c:\program files\Common Files\Java
    2011-04-15 16:11 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-01 06:48 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-01 06:47 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-01 06:45 . 2011-04-01 06:45 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-01 06:21 . 2011-04-01 06:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- C:\_265984_
    2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- c:\program files\Common Files\xing shared
    2011-04-01 05:54 . 2011-04-01 05:54 -------- d-----w- c:\documents and settings\Tony R\Application Data\Uniblue
    2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
    2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Bing Bar Installer
    2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\MSN Toolbar
    2011-04-01 05:46 . 2011-04-01 05:46 -------- d-----w- c:\program files\Common Files\HP
    2011-03-31 17:45 . 2003-03-19 03:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
    2011-03-31 17:25 . 2005-03-25 02:48 73728 ----a-w- c:\windows\system32\hppcappm.dll
    2011-03-31 17:25 . 2002-04-10 16:19 392192 ----a-w- c:\windows\system32\ltkrn11n.dll
    2011-03-31 17:25 . 2002-04-10 16:19 118784 ----a-w- c:\windows\system32\ltfil11n.DLL
    2011-03-31 16:57 . 2011-04-01 05:47 -------- d-----w- C:\Color LaserJet 2840 SKINS Error Fix
    2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\DriverCure
    2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\ParetoLogic
    2011-03-30 14:34 . 2011-03-30 14:34 -------- d-----w- c:\program files\Trend Micro
    2011-03-29 16:11 . 2011-03-29 16:11 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Microsoft Corporation
    2011-03-29 16:11 . 2011-04-01 05:49 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-03-29 15:56 . 2011-03-29 15:56 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\windows\MATS
    2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\program files\Microsoft Fix it Center
    2011-03-24 18:14 . 2011-03-24 18:14 -------- d-----w- c:\documents and settings\Tony R\Application Data\Registry Mechanic
    2011-03-24 18:12 . 2011-04-01 05:54 -------- d-----w- c:\program files\Xippit
    2011-03-24 18:00 . 2011-04-01 05:54 -------- d-----w- c:\program files\RegServe
    2011-03-24 16:41 . 2011-03-24 16:41 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcE.tmp
    2011-03-24 16:34 . 2011-04-01 05:55 -------- d-s---w- c:\documents and settings\New Tony R
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-09 08:19 . 2009-03-30 23:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-04-09 08:19 . 2009-03-30 23:20 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-07 05:33 . 2008-01-10 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2007-07-27 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2007-07-27 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2007-07-27 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2007-07-27 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2010-08-30 17:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2007-07-27 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2007-07-27 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2007-07-27 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2007-07-27 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-03 02:19 . 2010-06-09 17:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2008-01-10 18:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-01-10 18:20 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "nwiz"="nwiz.exe" [2007-06-28 1626112]
    "WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-04-25 1273856]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-29 274608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
    .
    c:\documents and settings\atr\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-1-11 368640]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-10-6 1482831]
    Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-4-1 1701224]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/22/2009 1:54 PM 9344]
    S1 gaennekt;gaennekt;\??\c:\windows\system32\drivers\gaennekt.sys --> c:\windows\system32\drivers\gaennekt.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 10:15 AM 135664]
    S2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/11/2008 6:02 PM 8192]
    S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
    S2 WMP300NSvc;WMP300NSvc;c:\program files\Wireless-N PCI Adapter\WLService.exe [9/22/2009 3:29 PM 53307]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
    S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-12-05 19:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
    .
    2011-04-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
    .
    2011-04-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-813497703-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
    .
    2011-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-813497703-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
    .
    2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-21 10:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-04-21 10:51:31
    ComboFix-quarantined-files.txt 2011-04-21 17:51
    .
    Pre-Run: 305,457,393,664 bytes free
    Post-Run: 305,464,692,736 bytes free
    .
    - - End Of File - - 49361E26E5521E66258E2A2ADC77B0E4
  4. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    See if you can run Combofix fix in normal mode now....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\gaennekt.sys
    
    
    Folder::
    c:\documents and settings\Tony R\Application Data\Uniblue
    c:\documents and settings\Tony R\Application Data\Registry Mechanic
    
    
    Driver::
    gaennekt
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  5. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Continuing fix

    Hi Broni. Still wasn't able to run ComboFix in normal mode. Had to hard boot after ComboFix failed to run. Opened Notepad and pasted the codebox info. Dragged CFScript to ComboFix, ran it and it blue screened. Hard boot again. Ran in safe mode. CFScript to ComboFix. Still no Windows Recovery Console.

    ComboFix 11-04-20.04 - Tony R 04/22/2011 7:46.2.4 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -7:00]
    Running from: c:\documents and settings\Tony R\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tony R\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    FILE ::
    "c:\windows\system32\drivers\gaennekt.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Tony R\Application Data\Registry Mechanic
    c:\documents and settings\Tony R\Application Data\Registry Mechanic\SystemReport.txt
    c:\documents and settings\Tony R\Application Data\Uniblue
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_gaennekt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-22 14:33 . 2011-04-22 14:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{333DB22C-5582-4ABF-A042-94B4FC720BDF}\MpKslebd3ca69.sys
    2011-04-22 14:32 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{333DB22C-5582-4ABF-A042-94B4FC720BDF}\mpengine.dll
    2011-04-20 19:19 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2011-04-20 19:17 . 2011-04-20 19:17 388096 ----a-r- c:\documents and settings\Tony R\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-16 18:59 . 2011-04-16 18:59 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Western_Digital
    2011-04-16 18:58 . 2011-04-16 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
    2011-04-16 18:58 . 2011-04-16 18:58 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-04-15 16:11 . 2011-04-15 16:11 -------- d-----w- c:\program files\Common Files\Java
    2011-04-15 16:11 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-01 06:48 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-01 06:47 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-01 06:45 . 2011-04-01 06:45 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-01 06:21 . 2011-04-01 06:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- C:\_265984_
    2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- c:\program files\Common Files\xing shared
    2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
    2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Bing Bar Installer
    2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\MSN Toolbar
    2011-04-01 05:46 . 2011-04-01 05:46 -------- d-----w- c:\program files\Common Files\HP
    2011-03-31 17:45 . 2003-03-19 03:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
    2011-03-31 17:25 . 2005-03-25 02:48 73728 ----a-w- c:\windows\system32\hppcappm.dll
    2011-03-31 17:25 . 2002-04-10 16:19 392192 ----a-w- c:\windows\system32\ltkrn11n.dll
    2011-03-31 17:25 . 2002-04-10 16:19 118784 ----a-w- c:\windows\system32\ltfil11n.DLL
    2011-03-31 16:57 . 2011-04-01 05:47 -------- d-----w- C:\Color LaserJet 2840 SKINS Error Fix
    2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\DriverCure
    2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\ParetoLogic
    2011-03-30 14:34 . 2011-03-30 14:34 -------- d-----w- c:\program files\Trend Micro
    2011-03-29 16:11 . 2011-03-29 16:11 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Microsoft Corporation
    2011-03-29 16:11 . 2011-04-01 05:49 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-03-29 15:56 . 2011-03-29 15:56 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\windows\MATS
    2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\program files\Microsoft Fix it Center
    2011-03-24 18:12 . 2011-04-01 05:54 -------- d-----w- c:\program files\Xippit
    2011-03-24 18:00 . 2011-04-01 05:54 -------- d-----w- c:\program files\RegServe
    2011-03-24 16:41 . 2011-03-24 16:41 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcE.tmp
    2011-03-24 16:34 . 2011-04-01 05:55 -------- d-s---w- c:\documents and settings\New Tony R
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-09 08:19 . 2009-03-30 23:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-04-09 08:19 . 2009-03-30 23:20 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-07 05:33 . 2008-01-10 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2007-07-27 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2007-07-27 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2007-07-27 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2007-07-27 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2010-08-30 17:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2007-07-27 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2007-07-27 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2007-07-27 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2007-07-27 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-03 02:19 . 2010-06-09 17:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2008-01-10 18:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-01-10 18:20 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "nwiz"="nwiz.exe" [2007-06-28 1626112]
    "WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-04-25 1273856]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-29 274608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
    .
    c:\documents and settings\atr\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-1-11 368640]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-10-6 1482831]
    Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-4-1 1701224]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R1 MpKslebd3ca69;MpKslebd3ca69;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{333DB22C-5582-4ABF-A042-94B4FC720BDF}\MpKslebd3ca69.sys [4/22/2011 7:33 AM 28752]
    R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/11/2008 6:02 PM 8192]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
    R2 WMP300NSvc;WMP300NSvc;c:\program files\Wireless-N PCI Adapter\WLService.exe [9/22/2009 3:29 PM 53307]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
    S1 MpKsle25c77ac;MpKsle25c77ac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F2F010-C553-431D-9B38-3296884BC26D}\MpKsle25c77ac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F2F010-C553-431D-9B38-3296884BC26D}\MpKsle25c77ac.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 10:15 AM 135664]
    S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/22/2009 1:54 PM 9344]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - GTNDIS5
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-12-05 19:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
    .
    2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
    .
    2011-04-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-813497703-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
    .
    2011-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-813497703-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
    .
    2011-04-22 c:\windows\Tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-22 07:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3888)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\wpdshext.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\Audiodev.dll
    c:\windows\system32\WMVCore.DLL
    c:\windows\system32\WMASF.DLL
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\jscript.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\Macromed\Flash\Flash10l.ocx
    c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\acs.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\hpzipm12.exe
    c:\pvsw\bin\w3dbsmgr.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Wireless-N PCI Adapter\WMP300N.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\RTHDCPL.EXE
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\windows\system32\SearchProtocolHost.exe
    c:\progra~1\HEWLET~1\Toolbox\STATUS~2\STATUS~1.EXE
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\windows\system32\SearchFilterHost.exe
    c:\windows\system32\SearchProtocolHost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-22 08:02:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-22 15:02
    ComboFix2.txt 2011-04-21 17:51
    .
    Pre-Run: 305,464,897,536 bytes free
    Post-Run: 305,404,502,016 bytes free
    .
    - - End Of File - - 642E4C6054F5BABE544DDB7073265E14
  6. Broni

    Restart the computer in Safe Mode with Networking, re-run ComboFix and see if you can install the Recovery Console.
  7. Tony R

    Rerun in Safe Mode with Networking

    Ran ComboFix.exe in Safe Mode with Networking. MS Essentials and Windows Firewall disabled. Was not able to connect to the internet for the Recovery Console.
  8. Broni

    That's fine.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. Tony R

    OTL.exe

    Had to split the OTL log. No other issues that I know of, other than what we've been looking at.

    OTL logfile created on: 4/22/2011 12:52:52 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tony R\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 284.42 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
    Drive D: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ATR-ELECTRIC | User Name: Tony R | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
    PRC - [2010/12/29 11:33:28 | 000,491,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2010/12/29 11:33:27 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/01/21 16:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    PRC - [2010/01/21 16:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/12/03 12:05:08 | 001,701,224 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
    PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2008/10/06 10:25:58 | 001,482,831 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2006/05/10 12:08:29 | 000,008,192 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
    PRC - [2006/05/09 08:09:52 | 005,242,880 | ---- | M] (Linksys) -- C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
    PRC - [2006/03/02 21:57:42 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
    PRC - [2005/07/04 16:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-N PCI Adapter\WLService.exe
    PRC - [2005/03/24 13:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
    MOD - [2010/12/29 11:33:38 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- -- (WMP300NSvc)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
    SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/05/10 12:08:29 | 000,008,192 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/22 12:17:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB3DA874-E260-48EE-BAEE-455918EA4837}\MpKsl6fb38f25.sys -- (MpKsl6fb38f25)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
    DRV - [2008/09/30 03:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2006/11/14 23:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/10/29 20:31:58 | 000,043,648 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
    DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2006/04/24 23:51:08 | 000,543,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2006/02/17 04:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/02/17 04:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/02/07 04:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
    DRV - [2005/02/02 16:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
    DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Wireless-N PCI Adapter\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
    DRV - [2003/05/05 18:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



    IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 09 13 A2 6A 82 CA 01 [binary data]
    IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/04/01 17:06:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/31 22:52:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/03/31 22:52:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 13:26:35 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/04/22 07:56:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk = C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    O4 - Startup: C:\Documents and Settings\atr\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283189514859 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200096966421 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5815/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tony R\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony R\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/10 11:23:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/11/02 18:41:09 | 000,000,113 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.mjpg - C:\WINDOWS\System32\mcmjpg32.dll (MainConcept)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/22 12:49:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
    [2011/04/22 12:14:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/21 10:36:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/21 10:36:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/21 10:36:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/21 10:36:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/21 09:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/21 09:47:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/20 12:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Start Menu\Programs\HiJackThis
    [2011/04/20 09:14:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\TFC.exe
    [2011/04/16 14:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
    [2011/04/16 11:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Local Settings\Application Data\Western_Digital
    [2011/04/16 11:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2011/04/16 11:58:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2011/04/16 11:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
    [2011/04/15 09:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/04/15 09:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/03/31 23:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/03/31 23:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
    [2011/03/31 23:20:57 | 000,000,000 | ---D | C] -- C:\_265984_
    [2011/03/31 23:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/03/31 23:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
    [2011/03/31 22:56:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony R\Recent
    [2011/03/31 22:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
    [2011/03/31 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2011/03/31 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
    [2011/03/31 22:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2011/03/31 10:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP(2)
    [2011/03/31 09:57:03 | 000,000,000 | ---D | C] -- C:\Color LaserJet 2840 SKINS Error Fix
    [2011/03/30 08:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Application Data\DriverCure
    [2011/03/30 08:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Application Data\ParetoLogic
    [2011/03/30 07:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/03/29 09:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Local Settings\Application Data\Microsoft Corporation
    [2011/03/29 09:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2011/03/29 08:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2011/03/29 07:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
    [2011/03/29 07:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
    [2011/03/29 07:49:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2011/03/24 11:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Xippit
    [2011/03/24 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\RegServe
    [2011/03/24 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

    ========== Files - Modified Within 30 Days ==========

    [2011/04/22 12:51:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job
    [2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
    [2011/04/22 12:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/22 12:18:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-813497703-725345543-1006.job
    [2011/04/22 12:18:19 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-813497703-725345543-1006.job
    [2011/04/22 12:16:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/22 12:16:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/22 12:15:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/22 11:58:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/22 07:56:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/21 09:41:52 | 004,325,821 | R--- | M] () -- C:\Documents and Settings\Tony R\Desktop\ComboFix.exe
    [2011/04/21 09:36:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe
    [2011/04/20 12:28:05 | 000,315,031 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\Belarc Advisor Current Profile.mht
    [2011/04/20 12:25:48 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\HiJackThis.lnk
    [2011/04/20 12:19:29 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2011/04/20 12:19:29 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2011/04/20 12:04:01 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\dds.scr
    [2011/04/20 09:35:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\ei9dvczi.exe
    [2011/04/20 09:14:27 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\TFC.exe
    [2011/04/16 16:04:36 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
    [2011/04/16 14:16:03 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\Office Excel 2007.lnk
    [2011/04/16 13:53:13 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2011/04/16 11:58:30 | 000,001,169 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
    [2011/04/16 11:58:30 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2011/04/16 09:02:39 | 000,341,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/15 03:23:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/15 03:17:32 | 000,520,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/15 03:17:32 | 000,093,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/14 12:40:53 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/04/09 21:39:18 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/04/01 05:42:24 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/04/01 05:39:50 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/03/31 23:48:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/03/31 22:38:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18341684
    [2011/03/31 22:38:11 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18341684r
    [2011/03/31 22:38:04 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18341684
    [2011/03/31 22:19:39 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19717940
    [2011/03/31 22:17:58 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19717940
    [2011/03/31 20:43:38 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19717940r
    [2011/03/31 11:13:15 | 000,053,975 | ---- | M] () -- C:\WINDOWS\hppins01.dat.temp
    [2011/03/31 10:52:54 | 000,000,655 | ---- | M] () -- C:\WINDOWS\hpbvspst.his
    [2011/03/31 10:52:40 | 000,003,496 | ---- | M] () -- C:\WINDOWS\hpbvnstp.his
    [2011/03/31 03:00:02 | 002,228,224 | -H-- | M] () -- C:\Documents and Settings\Tony R\My Documents\Inventory.accdb
    [2011/03/24 10:51:59 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr
    [2011/03/23 21:58:27 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19586868
    [2011/03/23 21:54:59 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19586868r
    [2011/03/23 21:54:53 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19586868

    ========== Files Created - No Company Name ==========

    [2011/04/21 10:36:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/21 10:36:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/21 10:36:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/21 10:36:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/21 10:36:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/21 09:41:42 | 004,325,821 | R--- | C] () -- C:\Documents and Settings\Tony R\Desktop\ComboFix.exe
    [2011/04/21 09:36:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe
    [2011/04/20 12:28:05 | 000,315,031 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\Belarc Advisor Current Profile.mht
    [2011/04/20 12:19:29 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2011/04/20 12:19:29 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
    [2011/04/20 12:19:29 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2011/04/20 12:19:26 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2011/04/20 12:17:02 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\HiJackThis.lnk
    [2011/04/20 11:59:38 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\dds.scr
    [2011/04/20 09:35:24 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\ei9dvczi.exe
    [2011/04/16 14:18:00 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
    [2011/04/16 11:58:30 | 000,001,169 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
    [2011/04/16 11:58:30 | 000,001,108 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2011/03/31 23:56:09 | 000,053,975 | ---- | C] () -- C:\WINDOWS\hppins01.dat.temp
    [2011/03/31 23:56:08 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat.temp
    [2011/03/31 23:45:44 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/03/31 22:38:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684r
    [2011/03/31 22:38:11 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684
    [2011/03/31 22:38:04 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18341684
    [2011/03/31 20:43:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940r
    [2011/03/31 20:43:38 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940
    [2011/03/31 20:43:34 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19717940
    [2011/03/31 10:52:41 | 000,000,655 | ---- | C] () -- C:\WINDOWS\hpbvspst.hi1
    [2011/03/31 10:52:41 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.bu1
    [2011/03/31 10:52:28 | 000,003,496 | ---- | C] () -- C:\WINDOWS\hpbvnstp.hi1
    [2011/03/31 10:52:28 | 000,001,145 | ---- | C] () -- C:\WINDOWS\hpbvnstp.bu1
    [2011/03/31 10:48:56 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
    [2011/03/25 18:49:37 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/03/24 10:51:57 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr
    [2011/03/24 10:11:05 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
    [2011/03/24 10:11:05 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uniblue RegistryBooster.lnk
    [2011/03/23 21:54:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868r
    [2011/03/23 21:54:57 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868
    [2011/03/23 21:54:53 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19586868
    [2011/03/11 03:16:57 | 007,210,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/04/12 18:49:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/27 13:22:32 | 000,000,212 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/12/27 11:02:28 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Tony R\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/07 14:22:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2009/09/22 17:28:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
    [2009/09/22 17:28:12 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
    [2009/09/22 17:28:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
    [2009/09/22 17:23:57 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2009/09/22 17:23:45 | 000,001,145 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2009/09/22 17:23:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
    [2009/09/22 17:23:33 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
    [2009/09/22 15:29:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/09/22 15:29:18 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2009/09/22 15:29:18 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2009/09/22 15:28:46 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2009/09/22 10:59:32 | 000,001,130 | -H-- | C] () -- C:\Documents and Settings\Tony R\Local Settings\Application Data\FASTWiz.html
    [2009/09/18 13:29:54 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\Tony R\Local Settings\Application Data\fusioncache.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/01/11 18:41:48 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/01/11 18:40:31 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2008/01/11 18:02:18 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\srvany.exe
    [2008/01/11 01:03:00 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/01/11 00:40:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2008/01/11 00:25:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
    [2008/01/11 00:17:13 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
    [2008/01/11 00:17:11 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
    [2008/01/11 00:17:11 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
    [2008/01/11 00:17:10 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
    [2008/01/11 00:17:10 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe
    [2008/01/11 00:17:10 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe
    [2008/01/11 00:17:10 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
    [2008/01/11 00:17:10 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
    [2008/01/11 00:17:10 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
    [2008/01/11 00:17:10 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
    [2008/01/11 00:06:50 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
    [2008/01/11 00:06:50 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
    [2008/01/11 00:04:47 | 000,011,809 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2008/01/11 00:04:31 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2008/01/11 00:04:31 | 000,002,479 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/01/11 00:04:22 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/01/10 11:39:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2008/01/10 11:25:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/01/10 11:21:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/01/10 04:03:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/01/10 04:00:34 | 000,341,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/07/27 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2007/07/27 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2007/07/27 05:00:00 | 000,520,892 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2007/07/27 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2007/07/27 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2007/07/27 05:00:00 | 000,093,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2007/07/27 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2007/07/27 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2007/07/27 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2007/07/27 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2007/07/27 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2007/07/27 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2007/06/28 09:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/06/28 09:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2007/06/28 09:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/06/28 09:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2007/06/28 09:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/06/28 09:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
    [2007/06/28 09:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/06/28 09:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2007/06/28 09:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2007/06/28 09:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/05/10 15:06:34 | 000,001,743 | ---- | C] () -- C:\WINDOWS\PCW140.ini
    [2005/07/27 07:41:45 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
    [2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

    ========== LOP Check ==========

    [2011/03/25 19:37:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\6d23b05
    [2011/03/31 22:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLdPaCe06504
    [2011/02/17 12:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Pro 10 Trial Version
    [2008/01/15 15:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/08/06 07:05:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSMCUJWRS
    [2010/08/29 08:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
    [2008/01/15 18:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2011/01/03 09:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
    [2011/04/16 11:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2010/12/05 13:37:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
    [2008/01/11 18:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Peachtree
    [2008/01/12 18:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Publish Providers
    [2008/01/12 18:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Sony
    [2011/02/28 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Western Digital
    [2010/04/24 06:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Windows Desktop Search
    [2010/10/23 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Windows Search
    [2009/09/25 11:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2011/03/24 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New Tony R\Application Data\Western Digital
    [2009/10/17 11:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/30 08:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\DriverCure
    [2011/03/31 23:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\GetRightToGo
    [2011/02/21 11:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Home Designer Pro 10 Trial Version
    [2009/09/22 12:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\HotSync
    [2011/01/21 07:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Leadertech
    [2009/09/22 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\MSNInstaller
    [2009/09/22 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\OfficeUpdate12
    [2011/03/30 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\ParetoLogic
    [2009/09/18 13:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Peachtree
    [2009/11/12 11:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Publish Providers
    [2009/09/22 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Snapfish
    [2009/11/12 11:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Sony
    [2011/01/03 09:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Western Digital
    [2010/03/22 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Windows Desktop Search
    [2010/03/27 10:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Windows Search
    [2011/04/22 12:51:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-
  10. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    OTL.exe continued

    [2011/04/22 12:51:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/10 11:23:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/09/22 15:29:31 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
    [2008/01/10 11:14:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2011/04/22 12:14:23 | 000,016,292 | ---- | M] () -- C:\ComboFix.txt
    [2008/01/10 11:23:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/22 13:37:04 | 000,000,090 | ---- | M] () -- C:\error.log
    [2011/01/01 20:11:11 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2008/01/10 11:23:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2002/01/05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
    [2002/01/05 04:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
    [2008/01/10 11:23:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/07/27 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/09/24 07:24:46 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/01/11 18:02:07 | 000,040,048 | ---- | M] () -- C:\P9install.log
    [2011/04/22 12:15:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/02 12:51:38 | 000,000,393 | ---- | M] () -- C:\rkill.log
    [2010/03/27 13:38:12 | 000,026,458 | ---- | M] () -- C:\WF0409.pdf

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/01/10 11:23:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2004/05/13 12:40:56 | 000,051,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP034.DLL
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2007/01/14 14:23:04 | 000,001,554 | -H-- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/10 03:59:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/01/10 03:59:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/01/10 03:59:49 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/09/24 07:28:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/12/23 23:09:40 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/02/10 23:55:30 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/21 09:41:52 | 004,325,821 | R--- | M] () -- C:\Documents and Settings\Tony R\Desktop\ComboFix.exe
    [2011/04/20 09:35:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\ei9dvczi.exe
    [2011/04/21 09:36:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe
    [2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
    [2007/11/09 15:40:22 | 004,014,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tony R\Desktop\OutlookConnector.exe
    [2011/04/20 09:14:27 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/12/23 23:09:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Tony R\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/22 12:49:56 | 000,311,296 | -HS- | M] () -- C:\Documents and Settings\Tony R\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 11:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 11:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 11:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Tony R\My Documents\AsusUpdt70803.zip:SummaryInformation

    < End of report >
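The custom-scan block above is raw OTL output: one file per line in the form `[date | size | attrs | M] (Company) -- path`, with the four attribute positions R/H/S/D and directories listed without a company field. The following is an added triage helper, not part of this thread and not OTL's own code, that parses those lines and applies three assumed heuristics (executable with no company name, hidden+system attributes on a non-baseline file, modification within 30 days of the scan). The sample lines are copied from the posted log; the `ROOT_BASELINE` allowlist and the scan timestamp are assumptions for the example.

```python
"""Parse OTL custom-scan file listings and flag entries for analyst review (added example)."""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional, Tuple

# OTL line layout:  [YYYY/MM/DD HH:MM:SS | size,with,commas | RHSD | M] (Company) -- path
# The "(Company)" part is absent on directory lines, so it is optional here.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| [A-Z]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

class Entry(NamedTuple):
    modified: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    company: str
    path: str

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL listing line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    return Entry(
        modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )

def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]

# Boot/system files that always sit in the drive root with RHS attributes and no
# company name. Assumed allowlist for this example; extend it for your own baseline.
ROOT_BASELINE = {"boot.ini", "io.sys", "msdos.sys", "ntdetect.com", "ntldr",
                 "pagefile.sys", "autoexec.bat", "config.sys"}
EXEC_EXTS = {"exe", "dll", "sys", "scr", "com"}

def triage(entries: List[Entry], scan_time: datetime,
           recent_days: int = 30) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for non-directory, non-baseline files that trip a heuristic."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        if name in ROOT_BASELINE:
            continue
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        reasons = []
        if ext in EXEC_EXTS and not e.company:
            reasons.append("executable with no company name")
        if e.hidden and e.system:
            reasons.append("hidden+system attributes")
        if scan_time - e.modified <= timedelta(days=recent_days):
            reasons.append(f"modified within {recent_days} days of scan")
        if reasons:
            findings.append((e, reasons))
    return findings

# Sample input: lines copied from the OTL log posted above.
SAMPLE = r"""
[2008/01/10 11:14:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/01/01 20:11:11 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2002/01/05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2011/04/22 12:15:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/20 09:35:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\ei9dvczi.exe
[2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
[2009/11/12 11:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Sony
"""
SCAN_TIME = datetime(2011, 4, 22, 12, 52)  # from the OTL header ("12:52:52 PM"); assumed to the minute

if __name__ == "__main__":
    for entry, reasons in triage(parse_report(SAMPLE), SCAN_TIME):
        print(f"{entry.path}: {'; '.join(reasons)}")
```

On the sample, the two hits are the renamed GMER binary (ei9dvczi.exe, unsigned and recent) and OTL.exe (recent only); both are the poster's own tools, which is the point of the usage note: these heuristics shortlist files for a human to check against what they know they ran, they do not decide maliciousness.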
  11. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Extras.Txt

    OTL Extras logfile created on: 4/22/2011 12:52:52 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tony R\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 284.42 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
    Drive D: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ATR-ELECTRIC | User Name: Tony R | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{2154375F-A35D-4CB5-A996-3466251F6B3B}" = hpp2800usg
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D5A740-EAA2-012B-AD08-000000000000}" = TurboTax 2009 waziper
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
    "{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
    "{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83E0E8FF-F256-4712-934D-DDDF15755B27}" = Sony Vegas Movie Studio Platinum 8.0
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA20E409-BDB4-439B-B75B-D5B193546779}" = Linksys Wireless-N PCI Adapter
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3134A3-0089-497D-BDAF-BB546401D199}" = Peachtree Accounting 2007
    "{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
    "{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
    "{E90F8E55-A3EE-41AF-88E3-ED2EA0ECE46C}" = TurboTax 2010 waziper
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Belarc Advisor" = Belarc Advisor 8.1
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "HP Photo & Imaging" = HP Image Zone 4.7
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
    "InstallShield_{CB3134A3-0089-497D-BDAF-BB546401D199}" = Peachtree Complete Accounting 2007
    "Integration Services" = Sage Software Integration Services
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Peachtree Complete Accounting" = Peachtree Complete Accounting 2007
    "Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
    "Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
    "PROR" = Microsoft Office Professional 2007
    "RealPlayer 12.0" = RealPlayer
    "Rhapsody" = Rhapsody
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.456
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\LNKREAD.VBS> in the hash map cannot be updated.

    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\LOCALAPPDATAFILE.CFX> in the hash map cannot
    be updated. Context: Application, SystemIndex Catalog Details: A device attached
    to the system is not functioning. (0x8007001f)

    Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\LOCALAPPDATAFILE.CFX> in the hash map cannot
    be updated. Context: Application, SystemIndex Catalog Details: A device attached
    to the system is not functioning. (0x8007001f)

    Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\LOCALAPPDATAFOLDER.CFX> in the hash map cannot
    be updated. Context: Application, SystemIndex Catalog Details: A device attached
    to the system is not functioning. (0x8007001f)

    Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\LOCALAPPDATAFOLDER.CFX> in the hash map cannot
    be updated. Context: Application, SystemIndex Catalog Details: A device attached
    to the system is not functioning. (0x8007001f)

    Error - 4/22/2011 3:50:21 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\LOCALSETTINGSFILE.CFX> in the hash map cannot
    be updated. Context: Application, SystemIndex Catalog Details: A device attached
    to the system is not functioning. (0x8007001f)

    Error - 4/22/2011 11:08:57 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 4/22/2011 3:13:40 PM | Computer Name = ATR-ELECTRIC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 4/22/2011 3:49:53 PM | Computer Name = ATR-ELECTRIC | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/22/2011 3:49:56 PM | Computer Name = ATR-ELECTRIC | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ OSession Events ]
    Error - 9/22/2009 6:44:17 PM | Computer Name = ATR-ELECTRIC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/1/2010 5:11:30 AM | Computer Name = ATR-ELECTRIC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 66
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 6/7/2010 1:46:08 PM | Computer Name = ATR-ELECTRIC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBios over Tcpip service
    which failed to start because of the following error: %%31

    Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
    failed to start because of the following error: %%31

    Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD BANTExt Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

    Error - 4/21/2011 1:35:48 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 4/21/2011 1:35:57 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 4/21/2011 1:35:57 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 4/21/2011 1:36:11 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 4/22/2011 1:17:03 AM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer TONY using any of
    the configured protocols.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    You didn't say:
  13. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/03/24 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
      [2011/03/31 22:38:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684r
      [2011/03/31 22:38:11 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684
      [2011/03/31 22:38:04 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18341684
      [2011/03/31 20:43:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940r
      [2011/03/31 20:43:38 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940
      [2011/03/31 20:43:34 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19717940
      [2011/03/24 10:51:57 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr
      [2011/03/23 21:54:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868r
      [2011/03/23 21:54:57 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868
      [2011/03/23 21:54:53 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19586868
      [2011/03/25 19:37:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\6d23b05
      [2011/03/31 22:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLdPaCe06504
      [2010/08/06 07:05:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSMCUJWRS
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Tony R\My Documents\AsusUpdt70803.zip:SummaryInformation
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  14. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Did I miss something?
  15. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    You didn't say how the computer is doing.
  16. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    OTL fix

    Here are the fix results. Will start other scans ASAP. The computer is running OK but I still have IE script errors. Haven't tried my browser yet. Unwanted music?


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Program Files\Registry Mechanic\backup folder moved successfully.
    C:\Program Files\Registry Mechanic folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\~18341684r moved successfully.
    C:\Documents and Settings\All Users\Application Data\~18341684 moved successfully.
    C:\Documents and Settings\All Users\Application Data\18341684 moved successfully.
    C:\Documents and Settings\All Users\Application Data\~19717940r moved successfully.
    C:\Documents and Settings\All Users\Application Data\~19717940 moved successfully.
    C:\Documents and Settings\All Users\Application Data\19717940 moved successfully.
    C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr moved successfully.
    C:\Documents and Settings\All Users\Application Data\~19586868r moved successfully.
    C:\Documents and Settings\All Users\Application Data\~19586868 moved successfully.
    C:\Documents and Settings\All Users\Application Data\19586868 moved successfully.
    C:\Documents and Settings\All Users\Application Data\6d23b05\Quarantine Items folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\6d23b05\MSSSys folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\6d23b05\BackUp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\6d23b05 folder moved successfully.
    Folder C:\Documents and Settings\All Users\Application Data\dLdPaCe06504\ not found.
    C:\Documents and Settings\All Users\Application Data\MSMCUJWRS folder moved successfully.
    ADS C:\Documents and Settings\Tony R\My Documents\AsusUpdt70803.zip:SummaryInformation deleted successfully.
    ========== COMMANDS ==========
  17. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    With browsers closed?

    ??

    What about it?
  18. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    From my original post:

    Problems with hijacked browser, wiped out my bing toolbars and toolbar access to my favorites. Script errors on internet explorer (while connected or not) and have commercials and sound in background (connected or not).

    I just tried to use my browser and it redirected it to yellow pages, while listening to a commercial in the background.

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
  19. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  20. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    ESETScan

    FYI. Don't know how important this is, but during the scan: "Internet Explorer cannot open site http://www.thefablife.com/tag/the-daily-hot?113320-150752-21983&xrs=AdOn"

    Here is the ESET scan. On to TDSSKiller.

    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_decryptor.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111190.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111191.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111192.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111193.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111194.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111229.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111230.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111231.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111232.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111233.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111234.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119069.exe a variant of Win32/Adware.RegDefense application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119103.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119104.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119105.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119106.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119107.exe Win32/RegistryBooster application
    C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119108.exe Win32/RegistryBooster application
  21. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    TDSSKiller

    Followed directions for TDSSKiller. Unzipped. TDSSKiller.exe will not run.
  22. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Rename TDSSKiller.exe to broni.com and try again.
  23. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    TDSSKiller

    Did as you asked. A blip of DOS and that's it. Still won't go.
  24. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    =====================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  25. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    aswMBR.txt

    aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
    Run date: 2011-04-22 17:00:10
    -----------------------------
    17:00:10.062 OS Version: Windows 5.1.2600 Service Pack 3
    17:00:10.062 Number of processors: 4 586 0xF0B
    17:00:10.062 ComputerName: ATR-ELECTRIC UserName: Tony R
    17:00:11.765 Initialize success
    17:00:58.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
    17:00:58.593 Disk 0 Vendor: WDC_WD4000AAKS-00YGA0 12.01C02 Size: 381554MB BusType: 3
    17:01:00.609 Disk 0 MBR read successfully
    17:01:00.609 Disk 0 MBR scan
    17:01:02.609 Disk 0 scanning sectors +781401600
    17:01:02.625 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:01:07.921 Service scanning
    17:01:09.625 Disk 0 trace - called modules:
    17:01:09.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a6b61ed]<<
    17:01:09.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a738ab8]
    17:01:09.625 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a7eaf18]
    17:01:09.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a7a3d98]
    17:01:09.625 \Driver\atapi[0x8a74d030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a6b61ed
    17:01:09.625 Scan finished successfully
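The part of this aswMBR log worth reading carefully is the "trace - called modules" block, not the final "Scan finished successfully" line, which only says the scan completed. The module list ends in `>>UNKNOWN [0x8a6b61ed]<<`, and the last trace line shows `\Driver\atapi`'s IRP_MJ_INTERNAL_DEVICE_CONTROL dispatch pointing at that same address, i.e. code that aswMBR could not attribute to any named module on the disk path. The Python below is an added example, not aswMBR code or part of the thread: it parses the trace lines quoted above, collects the UNKNOWN addresses, and reports any dispatch entry whose target is one of them. `CLEAN_TRACE` is a constructed counter-example in the same layout with no UNKNOWN entry, used only to show the negative case; what an unattributed dispatch target means for this particular machine is left to the analyst, as it is in the thread.

```python
"""Flag disk-stack dispatch targets that aswMBR listed as UNKNOWN in its
'trace - called modules' block. Added example; not aswMBR code."""
import re

# Trace block as posted in the aswMBR log above.
SAMPLE_TRACE = r"""
17:01:09.625 Disk 0 trace - called modules:
17:01:09.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a6b61ed]<<
17:01:09.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a738ab8]
17:01:09.625 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a7eaf18]
17:01:09.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a7a3d98]
17:01:09.625 \Driver\atapi[0x8a74d030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a6b61ed
17:01:09.625 Scan finished successfully
"""

# Constructed counter-example (not from the thread): same layout, every module
# named, and the atapi dispatch target is not an UNKNOWN address.
CLEAN_TRACE = r"""
17:05:00.000 Disk 0 trace - called modules:
17:05:00.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
17:05:00.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a738ab8]
17:05:00.000 \Driver\atapi[0x8a74d030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xb9e7c8c0
17:05:00.000 Scan finished successfully
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<")
# "<timestamp> \Driver\<name>[<driver object>] -> IRP_MJ_<x> -> <target address>"
DISPATCH_RE = re.compile(
    r"^\S+ (\\Driver\\[^\[]+)\[(0x[0-9a-f]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)$")


def parse_trace(text):
    """Return (named_modules, unknown_addresses, dispatches) for one trace block.
    dispatches are (driver, irp_major, target_address) tuples."""
    modules, unknown, dispatches = [], set(), []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if line.endswith("trace - called modules:") and i + 1 < len(lines):
            mods_line = lines[i + 1].split(" ", 1)[1]        # drop the timestamp
            unknown.update(UNKNOWN_RE.findall(mods_line))
            modules = UNKNOWN_RE.sub("", mods_line).split()  # names only
            continue
        m = DISPATCH_RE.match(line)
        if m:
            driver, _driver_object, irp, target = m.groups()
            dispatches.append((driver, irp, target))
    return modules, unknown, dispatches


def find_unattributed_dispatch(text):
    """Dispatch entries whose target is an address aswMBR marked UNKNOWN, i.e.
    a handler it could not place inside any module it named."""
    _modules, unknown, dispatches = parse_trace(text)
    return [(drv, irp, addr) for drv, irp, addr in dispatches if addr in unknown]


def report(text):
    """Human-readable summary, one line per finding (empty list when clean)."""
    return [f"{drv} {irp} -> {addr} is outside every named module"
            for drv, irp, addr in find_unattributed_dispatch(text)]


if __name__ == "__main__":
    for name, trace in (("posted log", SAMPLE_TRACE), ("constructed clean trace", CLEAN_TRACE)):
        print(name + ":", report(trace) or ["no unattributed dispatch targets"])
```

The check is deliberately narrow: it only cross-references two things aswMBR itself printed, the UNKNOWN marker and the dispatch targets, so a hit means "follow this up with the other tools in the thread", not a verdict on what the code at that address is.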