Solved IE/Firefox redirects, Can't update Vista, IE sometimes hangs

ChriskK

Symptoms: Google/Yahoo search in IE/Firefox redirects. Vista update blocked. IE sometimes hangs. Multiple incidents of IE in Task Manager. Pop-ups appear. "Host process has stopped working" message appears.

Step 1:
Symantec Endpoint, Malwarebytes & Spybot indicate NO malware!

Step 2:
TFC was successfully run.

Step 3:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5958

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

3/4/2011 10:57:02 PM
mbam-log-2011-03-04 (22-57-02).txt

Scan type: Quick scan
Objects scanned: 147811
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Step 4:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-04 23:03:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST3320620AS rev.3.AAE
Running: wwnfbyo5.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fwldiuod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 865D21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 865D21F8
Device \Driver\atapi \Device\Ide\IdePort0 865D21F8
Device \Driver\atapi \Device\Ide\IdePort1 865D21F8
Device \Driver\atapi \Device\Ide\IdePort2 865D21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 865D21F8
Device \Driver\ay07v1el \Device\Scsi\ay07v1el1Port4Path0Target0Lun0 878E31F8
Device \Driver\ay07v1el \Device\Scsi\ay07v1el1 878E31F8
Device 865D31F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskST3320620AS_____________________________3.AAE___#5&621c102&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

Step 5:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Christian at 23:31:23.79 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2178 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
e:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
e:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe
E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\n52te\n52teHid.exe
C:\Windows\System32\Ctxfihlp.exe
E:\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe
G:\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Christian\AppData\Local\Temp\BD0C.tmp\MBR.DAT
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msconfig.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Christian\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TrueImageMonitor.exe] e:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [FinePrint Dispatcher v5] c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AcronisTimounterMonitor] e:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Jomantha] c:\program files\n52te\n52teHid.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "e:\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "e:\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "e:\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [TrkMonitor] "c:\program files\canon electronics\dr1210c\TrkMonitor.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] e:\avg\avg10\avgtray.exe
mRun: [Zune Launcher] "g:\zune\ZuneLauncher.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\christ~1\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\
FF - component: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [2008-11-21 971232]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-26 176128]
R2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\drivers\EBIOS32.SYS [2008-11-28 13922]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-19 363344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-26 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-2-7 1839776]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-26 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-26 229888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-9-24 99856]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-3 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-19 20952]
S2 NOD32krn;NOD32 Kernel Service;"e:\program files\eset\nod32krn.exe" --> e:\program files\eset\nod32krn.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-2-7 23888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-5-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2008-12-16 48896]
.
=============== Created Last 30 ================
.
2011-03-04 08:10:32 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-04 08:10:32 -------- d-----w- c:\progra~2\AVG10
2011-03-04 08:07:26 -------- d-----w- c:\progra~2\MFAData
2011-03-04 06:33:02 -------- d-----w- c:\progra~2\AVAST Software
2011-03-04 05:26:45 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-03-04 04:35:01 39512 ----a-w- c:\windows\system32\drivers\AMonLWLH.sys
2011-03-04 04:35:00 31424 ----a-w- c:\windows\system32\V3w32se2.dll
2011-03-04 04:34:23 -------- d-----w- c:\program files\common files\AhnLab
2011-03-04 04:33:52 -------- d-----w- c:\progra~2\AhnLab
2011-03-04 04:25:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-03-04 04:25:11 357744 ----a-w- c:\windows\system32\Sysfer.dll
2011-03-04 04:24:57 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-04 04:24:51 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-03-04 02:26:32 -------- d-----w- c:\users\christ~1\appdata\local\Threat Expert
2011-03-04 02:03:39 -------- d-----w- c:\users\christ~1\appdata\roaming\PC Tools
2011-03-04 02:03:39 -------- d-----w- c:\program files\PC Tools Security
2011-03-04 02:03:39 -------- d-----w- c:\program files\common files\PC Tools
2011-03-04 02:02:15 -------- d-----w- c:\progra~2\PC Tools
2011-03-03 23:37:21 -------- d-----w- c:\progra~2\Hitman Pro
2011-03-03 23:18:24 -------- d-----w- c:\progra~2\NortonInstaller
2011-03-03 23:16:41 -------- d-----w- c:\progra~2\Norton
2011-03-03 08:06:52 -------- d-----w- c:\users\christ~1\appdata\local\Sunbelt Software
2011-03-03 08:06:16 -------- dc-h--w- c:\progra~2\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
2011-03-03 08:05:38 -------- d-----w- c:\program files\Lavasoft
2011-03-03 07:55:17 -------- d-----w- c:\program files\Trend Micro
2011-03-03 05:29:50 -------- d-----w- c:\windows\system32\appmgmt
2011-02-27 01:29:21 -------- d-----w- c:\users\christ~1\appdata\roaming\Fender
2011-02-27 01:27:02 -------- d-----w- c:\program files\Fender
2011-02-20 01:23:53 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-02-20 01:23:53 281600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp093.DLL
2011-02-20 01:23:53 161280 ----a-w- c:\windows\system32\hpcpn093.dll
2011-02-20 01:16:13 331776 ----a-w- c:\windows\system32\hppcpr13.dll
2011-02-20 01:15:47 -------- d-----w- C:\HP_P2050_full_solution_v6.1_AM-EMEA
2011-02-08 22:45:31 -------- d-----w- c:\program files\BitTorrent
.
==================== Find3M ====================
.
2011-03-04 06:57:22 4578856446 ----a-w- c:\windows\system32\msvcache.dll
2011-03-04 05:27:04 119296 ----a-w- c:\windows\system32\zlib.dll
2011-02-07 14:11:38 89600 ----a-w- c:\windows\system32\atl71.dll
2011-02-07 14:11:38 87408 ----a-w- c:\windows\system32\FwsVpn.dll
2011-02-07 14:11:38 107888 ----a-w- c:\windows\system32\SymVPN.dll
2011-01-26 03:53:14 32 ----a-w- c:\windows\system32\wdccom.dat.dll
2011-01-25 10:11:28 3158016 ----a-w- c:\windows\system32\MpSigsvr.exe
2011-01-25 10:05:44 1094144 ----a-w- c:\windows\system32\Portax86.dll
2011-01-19 08:26:54 86016 ----a-w- c:\windows\system32\frapsvid.dll
.
============= FINISH: 23:31:53.18 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/20/2008 9:47:25 PM
System Uptime: 3/4/2011 11:18:31 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D975XBX2
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | J3E1 | 2877/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 31.102 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 34.082 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 37.28 GiB free.
F: is FIXED (NTFS) - 142 GiB total, 27.806 GiB free.
G: is FIXED (NTFS) - 140 GiB total, 63.294 GiB free.
H: is FIXED (NTFS) - 140 GiB total, 115 GiB free.
I: is CDROM (UDF)
J: is CDROM ()
L: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP759: 2/19/2011 2:10:44 PM - Scheduled Checkpoint
RP761: 2/19/2011 8:21:47 PM - HP Installation Restore Point
RP762: 2/21/2011 9:03:51 AM - Scheduled Checkpoint
RP763: 2/22/2011 7:19:09 AM - Scheduled Checkpoint
RP764: 2/23/2011 10:31:13 PM - Scheduled Checkpoint
RP765: 2/24/2011 11:27:12 AM - Scheduled Checkpoint
RP766: 2/25/2011 5:33:45 PM - Scheduled Checkpoint
RP767: 2/26/2011 11:07:39 AM - Scheduled Checkpoint
RP768: 2/27/2011 11:47:20 AM - Scheduled Checkpoint
RP769: 2/28/2011 12:40:16 PM - Scheduled Checkpoint
RP773: 3/2/2011 9:38:28 PM - Restore Operation
RP796: 3/3/2011 10:46:40 PM - Restore Operation
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Acronis*Disk Director Suite
Acronis*True*Image*Home
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
ATI Catalyst Install Manager
Brother HL-2170W
Canon DR-1210C Driver
CapturePerfect 3.0
Carom3D
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CommVault Systems DataArchiver Outlook Add-In (Instance001)
Creative Audio Control Panel
Creative Sound Blaster Properties
Dead Space 2
DisplayFusion 2.2.1
DNE Update
DR-1210C Job Tool
Droplitz
eReg
EVEREST Ultimate Edition v4.20
FileASSASSIN
FinePrint
Fraps
Garmin USB Drivers
Garmin WebUpdater
HD Tune 2.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P2050 Series 6.0
hppFonts
hppQFolderP2050
Intel(R) Network Connections 14.5.1.0
Java(TM) 6 Update 11
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.20
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Monkey's Audio
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
n52te Editor
Nero 7 Premium
OpenAL
ordrumbox-0.8.05
PASW Statistics 18
pdfFactory Pro
PerfectDisk
Pinnacle Game Profiler
PTC ProDESKTOP 8.0
RESIDENT EVIL 5
ScanSoft PaperPort 11
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SharpKeys
SPSS 11.5 for Windows
SPT-667 Phrase Trainer 1
Spybot - Search & Destroy
StarCraft
Steam
Super Meat Boy
Symantec Endpoint Protection
The KMPlayer (remove only)
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2291599)
ViceVersa Pro 1.3.1
Virtual Pool 3 DL
VistaGlazz 1.1
WebReg
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Media Player Firefox Plugin
WinRAR archiver
WinTidy 1.0.11
Your Uninstaller! 2008 Version 6.2
YouTube Music Converter V1.3.8
Youtube Music Downloader V3.6
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
3/4/2011 9:03:50 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on K: cannot be read.
3/4/2011 3:34:12 AM, Error: EventLog [6008] - The previous system shutdown at 3:32:21 AM on 3/4/2011 was unexpected.
3/4/2011 3:25:25 AM, Error: Service Control Manager [7000] -
3/4/2011 3:22:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 bbfbb
3/4/2011 3:16:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PinnacleUpdate Service service to connect.
3/4/2011 3:14:22 AM, Error: EventLog [6008] - The previous system shutdown at 3:10:28 AM on 3/4/2011 was unexpected.
3/4/2011 2:11:05 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/4/2011 11:24:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/4/2011 11:23:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
3/4/2011 11:19:48 PM, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
3/4/2011 11:19:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb
3/4/2011 11:19:48 PM, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the path specified.
3/4/2011 11:19:21 PM, Error: EventLog [6008] - The previous system shutdown at 11:17:19 PM on 3/4/2011 was unexpected.
3/4/2011 10:42:56 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
3/4/2011 1:59:11 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AMonLWLH AMonTDLH aswRdr aswSnx aswSP aswTdi ATamptNt_V3IS80 bbfbb CSC DfsC eeCtrl hdaudbex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI tdx usbc2k v3engine V3Flt2K Wanarpv6 WPS
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/4/2011 1:53:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/4/2011 1:52:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/4/2011 1:52:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/4/2011 1:52:23 AM, Error: EventLog [6008] - The previous system shutdown at 1:50:29 AM on 3/4/2011 was unexpected.
3/4/2011 1:51:48 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
3/4/2011 1:47:29 AM, Error: EventLog [6008] - The previous system shutdown at 1:45:16 AM on 3/4/2011 was unexpected.
3/4/2011 1:33:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/4/2011 1:30:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATamptNt_V3IS80 bbfbb eeCtrl hdaudbex SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI usbc2k v3engine V3Flt2K Wanarpv6
3/4/2011 1:29:32 AM, Error: EventLog [6008] - The previous system shutdown at 1:27:38 AM on 3/4/2011 was unexpected.
3/3/2011 9:52:23 PM, Error: EventLog [6008] - The previous system shutdown at 9:50:46 PM on 3/3/2011 was unexpected.
3/3/2011 9:44:46 PM, Error: EventLog [6008] - The previous system shutdown at 9:43:10 PM on 3/3/2011 was unexpected.
3/3/2011 9:39:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:37:00 PM on 3/3/2011 was unexpected.
3/3/2011 9:15:59 PM, Error: EventLog [6008] - The previous system shutdown at 9:14:30 PM on 3/3/2011 was unexpected.
3/3/2011 9:11:30 PM, Error: EventLog [6008] - The previous system shutdown at 9:09:00 PM on 3/3/2011 was unexpected.
3/3/2011 9:01:11 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
3/3/2011 9:01:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/3/2011 8:58:21 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this command.
3/3/2011 3:06:46 AM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/3/2011 12:18:46 AM, Error: EventLog [6008] - The previous system shutdown at 12:17:15 AM on 3/3/2011 was unexpected.
3/3/2011 11:52:22 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/3/2011 11:25:09 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/3/2011 11:17:30 PM, Error: PlugPlayManager [12] - The device 'NAVEX15' (Root\LEGACY_NAVEX15\0000) disappeared from the system without first being prepared for removal.
3/3/2011 11:11:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/3/2011 11:09:12 PM, Error: SRTSPL [11] - Unable to allocate open file data.
3/3/2011 11:09:12 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
3/3/2011 11:09:12 PM, Error: SRTSP [4] - Error loading virus definitions.
3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
3/3/2011 11:07:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb eeCtrl SRTSP
3/3/2011 10:42:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb SRTSP
3/3/2011 10:41:51 PM, Error: EventLog [6008] - The previous system shutdown at 10:39:29 PM on 3/3/2011 was unexpected.
3/3/2011 10:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/3/2011 10:07:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bbfbb CSC DfsC eeCtrl hdaudbex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI tdx usbc2k Wanarpv6 WPS ws2ifsl
3/3/2011 10:07:34 PM, Error: EventLog [6008] - The previous system shutdown at 10:05:23 PM on 3/3/2011 was unexpected.
3/3/2011 1:05:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/3/2011 1:02:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/2/2011 6:00:04 PM, Error: EventLog [6008] - The previous system shutdown at 5:55:49 PM on 3/2/2011 was unexpected.
2/25/2011 4:05:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001CC0051441 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/25/2011 4:04:59 PM, Error: EventLog [6008] - The previous system shutdown at 11:07:29 AM on 2/25/2011 was unexpected.
2/25/2011 11:45:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

Step 6:
I also ran Ad-Aware & Avast. No malware was detected!

Please help. Thank you!!
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Holy Cow! It cured my PC!! I thought I'd reinstall the OS.

God bless you, Broni~~

I'm curious as to how this virus got into my system. I'm running Symantec Endpoint & Spybot and apparently both programs didn't detect it. The only thing that I added to the PC before the symptoms appeared was Adobe Flash.
 
I'm glad to hear good news :)

There is no perfect security program.
As long as you're connected to the net, you're in danger unless you stick to certain rules.

I still need the TDSSKiller log, and we'll need to run some more scans to make sure your computer is totally clean.
 
I ran TDSSKiller again after it killed the TDSS virus. Here's the log. It found one suspicious file.

2011/03/05 00:38:08.0395 4004 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/05 00:38:08.0567 4004 ================================================================================
2011/03/05 00:38:08.0567 4004 SystemInfo:
2011/03/05 00:38:08.0567 4004
2011/03/05 00:38:08.0567 4004 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/05 00:38:08.0567 4004 Product type: Workstation
2011/03/05 00:38:08.0567 4004 ComputerName: CHRISTIAN-PC
2011/03/05 00:38:08.0567 4004 UserName: Christian
2011/03/05 00:38:08.0567 4004 Windows directory: C:\Windows
2011/03/05 00:38:08.0567 4004 System windows directory: C:\Windows
2011/03/05 00:38:08.0567 4004 Processor architecture: Intel x86
2011/03/05 00:38:08.0567 4004 Number of processors: 4
2011/03/05 00:38:08.0567 4004 Page size: 0x1000
2011/03/05 00:38:08.0567 4004 Boot type: Normal boot
2011/03/05 00:38:08.0567 4004 ================================================================================
2011/03/05 00:38:09.0255 4004 Initialize success
2011/03/05 00:38:12.0380 5644 ================================================================================
2011/03/05 00:38:12.0380 5644 Scan started
2011/03/05 00:38:12.0380 5644 Mode: Manual;
2011/03/05 00:38:12.0380 5644 ================================================================================
2011/03/05 00:38:25.0864 5644 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/05 00:38:25.0864 5644 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/05 00:38:25.0895 5644 sptd - detected Locked file (1)
2011/03/05 00:38:29.0973 5644 ================================================================================
2011/03/05 00:38:29.0973 5644 Scan finished
2011/03/05 00:38:29.0973 5644 ================================================================================
2011/03/05 00:38:29.0973 5592 Detected object count: 1
2011/03/05 00:38:44.0567 5592 Locked file(sptd) - User select action: Skip
 
That file is safe.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x00000bfc

Kernel Drivers (total 178):

Processes (total 72):
0 System Idle Process
4 System
656 C:\Windows\System32\smss.exe
732 csrss.exe
796 C:\Windows\System32\wininit.exe
804 csrss.exe
840 C:\Windows\System32\services.exe
856 C:\Windows\System32\lsass.exe
864 C:\Windows\System32\lsm.exe
900 C:\Windows\System32\winlogon.exe
1060 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\atiesrxx.exe
1236 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\audiodg.exe
1408 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1432 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\SLsvc.exe
1560 C:\Windows\System32\atieclxx.exe
1576 C:\Windows\System32\svchost.exe
1680 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1812 C:\Windows\System32\svchost.exe
1924 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
600 C:\Windows\System32\spoolsv.exe
672 C:\Windows\System32\svchost.exe
2068 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
2128 C:\Program Files\JHSecure\VPN Client\cvpnd.exe
2180 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
2204 C:\Windows\System32\svchost.exe
2268 E:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
2328 C:\Windows\System32\taskeng.exe
2416 C:\Windows\System32\svchost.exe
2428 C:\Windows\System32\svchost.exe
2448 C:\Windows\System32\svchost.exe
2468 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2576 C:\Windows\System32\svchost.exe
2632 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3132 E:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
3768 C:\Windows\System32\taskeng.exe
712 C:\Windows\System32\dwm.exe
2264 C:\Windows\explorer.exe
3052 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
1900 E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
3048 C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe
4012 E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
3380 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
2060 C:\Program Files\n52te\n52teHid.exe
4064 C:\Windows\System32\Ctxfihlp.exe
3628 E:\ScanSoft\PaperPort\pptd40nt.exe
2340 C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe
1340 G:\Zune\ZuneLauncher.exe
1416 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1344 C:\Program Files\Windows Sidebar\sidebar.exe
1200 C:\Windows\ehome\ehtray.exe
3404 C:\Program Files\DAEMON Tools Lite\DTLite.exe
1968 C:\Windows\System32\CTxfispi.exe
3456 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4236 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4272 C:\Windows\ehome\ehmsas.exe
4656 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
4756 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4964 C:\Program Files\Logitech\SetPointG\SetPointII.exe
5616 C:\Windows\System32\wuauclt.exe
180 C:\Program Files\Internet Explorer\iexplore.exe
5052 C:\Program Files\Internet Explorer\iexplore.exe
1352 C:\Program Files\Internet Explorer\iexplore.exe
4748 C:\Program Files\Internet Explorer\iexplore.exe
3492 C:\Windows\System32\dllhost.exe
3976 C:\Users\Christian\Desktop\MBRCheck.exe
5496 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`8836ac00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`4c908400 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000027`10ea5c00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000022`ee6efe00 (NTFS)

PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAE
PhysicalDrive1 Model Number: ST3300622AS, Rev: 3.AAH

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
279 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



*********************
ComboFix 11-03-04.04 - Christian 03/05/2011 0:48.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2117 [GMT -5:00]
Running from: c:\users\Christian\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
C:\Recycle
c:\windows\system32\temp.000
c:\windows\system32\wdccom.dat.dll
H:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-05 05:52 . 2011-03-05 05:53 -------- d-----w- c:\users\Christian\AppData\Local\temp
2011-03-05 05:47 . 2011-03-05 05:47 -------- d-----w- C:\32788R22FWJFW
2011-03-05 05:25 . 2011-03-05 05:25 -------- d-----w- c:\windows\LastGood
2011-03-04 08:10 . 2011-03-04 08:10 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-04 08:10 . 2011-03-04 08:10 -------- d-----w- c:\programdata\AVG10
2011-03-04 08:07 . 2011-03-04 08:26 -------- d-----w- c:\programdata\MFAData
2011-03-04 06:33 . 2011-03-04 08:02 -------- d-----w- c:\programdata\AVAST Software
2011-03-04 05:26 . 2010-09-11 03:32 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-03-04 04:35 . 2010-04-20 08:12 39512 ----a-w- c:\windows\system32\drivers\AMonLWLH.sys
2011-03-04 04:35 . 2009-10-16 12:04 31424 ----a-w- c:\windows\system32\V3w32se2.dll
2011-03-04 04:34 . 2011-03-04 04:35 -------- d-----w- c:\program files\Common Files\AhnLab
2011-03-04 04:33 . 2011-03-04 04:35 -------- d-----w- c:\programdata\AhnLab
2011-03-04 04:25 . 2011-02-07 14:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-03-04 04:25 . 2011-02-07 14:11 357744 ----a-w- c:\windows\system32\Sysfer.dll
2011-03-04 04:24 . 2011-03-04 04:25 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-04 04:24 . 2007-03-22 01:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-03-04 02:26 . 2011-03-04 02:26 -------- d-----w- c:\users\Christian\AppData\Local\Threat Expert
2011-03-04 02:03 . 2011-03-04 03:31 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-04 02:03 . 2011-03-04 02:52 -------- d-----w- c:\program files\PC Tools Security
2011-03-04 02:03 . 2011-03-04 02:03 -------- d-----w- c:\users\Christian\AppData\Roaming\PC Tools
2011-03-04 02:02 . 2011-03-04 02:03 -------- d-----w- c:\programdata\PC Tools
2011-03-03 23:37 . 2011-03-03 23:42 -------- d-----w- c:\programdata\Hitman Pro
2011-03-03 23:16 . 2011-03-03 23:18 -------- d-----w- c:\programdata\Norton
2011-03-03 08:06 . 2011-03-03 08:06 -------- d-----w- c:\users\Christian\AppData\Local\Sunbelt Software
2011-03-03 08:06 . 2011-03-03 08:06 -------- dc-h--w- c:\programdata\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
2011-03-03 08:05 . 2011-03-03 08:06 -------- d-----w- c:\programdata\Lavasoft
2011-03-03 08:05 . 2011-03-03 08:05 -------- d-----w- c:\program files\Lavasoft
2011-03-03 07:55 . 2011-03-03 07:55 -------- d-----w- c:\program files\Trend Micro
2011-02-27 01:29 . 2011-02-27 01:29 -------- d-----w- c:\users\Christian\AppData\Roaming\Fender
2011-02-27 01:27 . 2011-03-04 03:59 -------- d-----w- c:\program files\Fender
2011-02-20 01:24 . 2011-02-20 01:24 -------- d-----w- c:\programdata\Hewlett-Packard
2011-02-20 01:23 . 2010-04-15 22:33 281600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp093.DLL
2011-02-20 01:23 . 2010-04-15 22:33 161280 ----a-w- c:\windows\system32\hpcpn093.dll
2011-02-20 01:23 . 2007-07-16 20:29 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-02-20 01:20 . 2011-02-20 01:20 -------- d-----w- c:\programdata\HP
2011-02-20 01:16 . 2009-11-11 20:07 331776 ----a-w- c:\windows\system32\hppcpr13.dll
2011-02-20 01:15 . 2011-02-20 01:16 -------- d-----w- C:\HP_P2050_full_solution_v6.1_AM-EMEA
2011-02-08 22:45 . 2011-02-08 22:53 -------- d-----w- c:\program files\BitTorrent
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-05 05:24 . 2008-12-05 05:26 119296 ----a-w- c:\windows\system32\zlib.dll
2011-01-25 10:11 . 2011-01-25 10:11 3158016 ----a-w- c:\windows\system32\MpSigsvr.exe
2011-01-25 10:05 . 2011-01-25 10:05 1094144 ----a-w- c:\windows\system32\Portax86.dll
2011-01-20 20:48 . 2011-01-20 20:48 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-20 23:09 . 2010-01-20 01:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-20 01:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 15:47 . 2010-12-17 15:47 53248 ----a-r- c:\users\Christian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-17 15:47 . 2010-06-02 02:16 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4344472]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-08-01 565248]
"FinePrint Dispatcher v5"="c:\windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-08-25 442368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AcronisTimounterMonitor"="e:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 960376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
"Jomantha"="c:\program files\n52te\n52teHid.exe" [2008-06-13 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="e:\scansoft\PaperPort\pptd40nt.exe" [2008-04-30 29984]
"IndexSearch"="e:\scansoft\PaperPort\IndexSearch.exe" [2008-04-30 46368]
"PPort11reminder"="e:\scansoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"TrkMonitor"="c:\program files\Canon Electronics\DR1210C\TrkMonitor.exe" [2008-04-24 86016]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"Zune Launcher"="g:\zune\ZuneLauncher.exe" [2008-12-12 157312]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-02-07 115560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2008-10-08 47104]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4167628224-1300899903-4152363779-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 bbfbb;bbfbb;c:\windows\System32\drivers\pcpru.sys [x]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys [x]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2011-02-07 23888]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-05-21 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-21 691696]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2008-11-21 971232]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\Drivers\EBIOS32.SYS [2008-07-03 13922]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-09-24 99856]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WPSHELPER
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-AVG_TRAY - e:\avg\AVG10\avgtray.exe
AddRemove-Adobe Connect Add-in - c:\users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 00:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,e7,0f,c7,c8,6c,f2,13,ef,2d,07,46,88,4c,ca,6d,dd,99,73,7f,11,
a4,52,ce,59,4d,ea,70,f4,c7,45,f9,0c,fe,96,88,5a,c9,6c,53,1d,75,3a,11,d1,83,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-05 00:55:28
ComboFix-quarantined-files.txt 2011-03-05 05:55
.
Pre-Run: 33,779,884,032 bytes free
Post-Run: 33,737,011,200 bytes free
.
- - End Of File - - 74C9854630913DC868B0AE128DC00919
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\AMonLWLH.sys
c:\windows\system32\V3w32se2.dll
c:\program files\Common Files\AhnLab
c:\programdata\AhnLab
c:\windows\System32\drivers\pcpru.sys


Folder::
c:\programdata\AVAST Software
c:\programdata\AVG10
c:\windows\system32\drivers\AVG
c:\users\Christian\AppData\Local\Sunbelt Software


Driver::
bbfb
AhnFlt2K
AhnRec2K


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

DDS::
uInternet Settings,ProxyOverride = <local>


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-03-04.04 - Christian 03/05/2011 19:25:41.2.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2043 [GMT -5:00]
Running from: c:\users\Christian\Desktop\ComboFix.exe
Command switches used :: c:\users\Christian\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\AhnLab"
"c:\programdata\AhnLab"
"c:\windows\system32\drivers\AMonLWLH.sys"
"c:\windows\System32\drivers\pcpru.sys"
"c:\windows\system32\V3w32se2.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVAST Software
c:\programdata\AVG10
c:\programdata\AVG10\Cfg\admin.cfg
c:\programdata\AVG10\Cfg\krnl.cfg
c:\programdata\AVG10\Chjw\3ebc2027bc1fd7eb.dat
c:\programdata\AVG10\Chjw\5000f42500f413a6.dat
c:\programdata\AVG10\Chjw\a6d88983d889530b.dat
c:\programdata\AVG10\Chjw\bcf83461f8341bd8.dat
c:\programdata\AVG10\Chjw\d8aae642aae61cae.dat
c:\programdata\AVG10\Chjw\de7cfe617cfe343d.dat
c:\programdata\AVG10\IDS\config\agentStartup.xml
c:\programdata\AVG10\IDS\config\analyzerFilterConfig.xml
c:\programdata\AVG10\IDS\config\BehavioralEventProcessors.xml
c:\programdata\AVG10\IDS\config\BehavioralEvents.xml
c:\programdata\AVG10\IDS\config\Classifiers.xml
c:\programdata\AVG10\IDS\config\Correlations.xml
c:\programdata\AVG10\IDS\config\downloadManager.xml
c:\programdata\AVG10\IDS\config\downloads.xml
c:\programdata\AVG10\IDS\config\EN_US\Characteristics.xml
c:\programdata\AVG10\IDS\config\EN_US\internalListStrings.xml
c:\programdata\AVG10\IDS\config\EN_US\reportableevents.xml
c:\programdata\AVG10\IDS\config\ExecutableEvents.xml
c:\programdata\AVG10\IDS\config\FileCoverage.xml
c:\programdata\AVG10\IDS\config\internalList.zip
c:\programdata\AVG10\IDS\config\messages.xml
c:\programdata\AVG10\IDS\config\NetworkEvents.xml
c:\programdata\AVG10\IDS\config\ProductParameters.xml
c:\programdata\AVG10\IDS\config\RegistryCoverage.xml
c:\programdata\AVG10\IDS\config\Relationships.xml
c:\programdata\AVG10\IDS\config\ReportableEventMappings.xml
c:\programdata\AVG10\IDS\config\SelfProtection.xml
c:\programdata\AVG10\log\amlog.cfg
c:\programdata\AVG10\log\arklog.cfg
c:\programdata\AVG10\log\avgcfg.log
c:\programdata\AVG10\log\avgcfg.log.lock
c:\programdata\AVG10\log\avgchjw.log
c:\programdata\AVG10\log\avgchjw.log.lock
c:\programdata\AVG10\log\avgchjwsrv.log
c:\programdata\AVG10\log\avgchjwsrv.log.lock
c:\programdata\AVG10\log\avgcore.log
c:\programdata\AVG10\log\avgcore.log.lock
c:\programdata\AVG10\log\avgldr.log
c:\programdata\AVG10\log\avgldr.log.lock
c:\programdata\AVG10\log\avgrs.log
c:\programdata\AVG10\log\avgrs.log.lock
c:\programdata\AVG10\log\avgtdi.log
c:\programdata\AVG10\log\avgtdi.log.lock
c:\programdata\AVG10\log\avgui.log
c:\programdata\AVG10\log\avgui.log.lock
c:\programdata\AVG10\log\avguilog.cfg
c:\programdata\AVG10\log\cfgexlog.cfg
c:\programdata\AVG10\log\cfglog.cfg
c:\programdata\AVG10\log\chjwlog.cfg
c:\programdata\AVG10\log\corelog.cfg
c:\programdata\AVG10\log\csllog.cfg
c:\programdata\AVG10\log\ldrlog.cfg
c:\programdata\AVG10\log\lnglog.cfg
c:\programdata\AVG10\log\lscanlog.cfg
c:\programdata\AVG10\log\nslog.cfg
c:\programdata\AVG10\log\privlog.cfg
c:\programdata\AVG10\log\publog.cfg
c:\programdata\AVG10\log\rslog.cfg
c:\programdata\AVG10\log\scanlog.cfg
c:\programdata\AVG10\log\schedlog.cfg
c:\programdata\AVG10\log\srmlog.cfg
c:\programdata\AVG10\log\tdilog.cfg
c:\programdata\AVG10\log\updlog.cfg
c:\programdata\AVG10\log\vaultlog.cfg
c:\programdata\AVG10\log\wdlog.cfg
c:\programdata\AVG10\log\wdsvclog.cfg
c:\users\Christian\AppData\Local\Sunbelt Software
c:\windows\system32\drivers\AMonLWLH.sys
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\iavichjw.avm
c:\windows\system32\drivers\AVG\incavi.avm
c:\windows\system32\V3w32se2.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_AHNFLT2K
-------\Legacy_AHNREC2K
-------\Service_AhnFlt2K
-------\Service_AhnRec2K
.
.
((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
.
.
2011-03-06 00:30 . 2011-03-06 00:32 -------- d-----w- c:\users\Christian\AppData\Local\temp
2011-03-04 08:07 . 2011-03-04 08:26 -------- d-----w- c:\programdata\MFAData
2011-03-04 05:26 . 2010-09-11 03:32 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-03-04 04:34 . 2011-03-04 04:35 -------- d-----w- c:\program files\Common Files\AhnLab
2011-03-04 04:33 . 2011-03-04 04:35 -------- d-----w- c:\programdata\AhnLab
2011-03-04 04:25 . 2011-02-07 14:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-03-04 04:25 . 2011-02-07 14:11 357744 ----a-w- c:\windows\system32\Sysfer.dll
2011-03-04 04:24 . 2011-03-04 04:25 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-04 04:24 . 2007-03-22 01:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-03-04 02:26 . 2011-03-04 02:26 -------- d-----w- c:\users\Christian\AppData\Local\Threat Expert
2011-03-04 02:03 . 2011-03-04 03:31 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-04 02:03 . 2011-03-04 02:52 -------- d-----w- c:\program files\PC Tools Security
2011-03-04 02:03 . 2011-03-04 02:03 -------- d-----w- c:\users\Christian\AppData\Roaming\PC Tools
2011-03-04 02:02 . 2011-03-04 02:03 -------- d-----w- c:\programdata\PC Tools
2011-03-03 23:37 . 2011-03-03 23:42 -------- d-----w- c:\programdata\Hitman Pro
2011-03-03 23:16 . 2011-03-03 23:18 -------- d-----w- c:\programdata\Norton
2011-03-03 08:06 . 2011-03-03 08:06 -------- dc-h--w- c:\programdata\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
2011-03-03 08:05 . 2011-03-03 08:06 -------- d-----w- c:\programdata\Lavasoft
2011-03-03 08:05 . 2011-03-03 08:05 -------- d-----w- c:\program files\Lavasoft
2011-03-03 07:55 . 2011-03-03 07:55 -------- d-----w- c:\program files\Trend Micro
2011-02-27 01:29 . 2011-02-27 01:29 -------- d-----w- c:\users\Christian\AppData\Roaming\Fender
2011-02-27 01:27 . 2011-03-04 03:59 -------- d-----w- c:\program files\Fender
2011-02-20 01:24 . 2011-02-20 01:24 -------- d-----w- c:\programdata\Hewlett-Packard
2011-02-20 01:23 . 2010-04-15 22:33 281600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp093.DLL
2011-02-20 01:23 . 2010-04-15 22:33 161280 ----a-w- c:\windows\system32\hpcpn093.dll
2011-02-20 01:23 . 2007-07-16 20:29 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-02-20 01:20 . 2011-02-20 01:20 -------- d-----w- c:\programdata\HP
2011-02-20 01:16 . 2009-11-11 20:07 331776 ----a-w- c:\windows\system32\hppcpr13.dll
2011-02-20 01:15 . 2011-02-20 01:16 -------- d-----w- C:\HP_P2050_full_solution_v6.1_AM-EMEA
2011-02-08 22:45 . 2011-02-08 22:53 -------- d-----w- c:\program files\BitTorrent
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-05 05:24 . 2008-12-05 05:26 119296 ----a-w- c:\windows\system32\zlib.dll
2011-01-25 10:11 . 2011-01-25 10:11 3158016 ----a-w- c:\windows\system32\MpSigsvr.exe
2011-01-25 10:05 . 2011-01-25 10:05 1094144 ----a-w- c:\windows\system32\Portax86.dll
2011-01-20 20:48 . 2011-01-20 20:48 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-20 23:09 . 2010-01-20 01:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-20 01:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 15:47 . 2010-12-17 15:47 53248 ----a-r- c:\users\Christian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-17 15:47 . 2010-06-02 02:16 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4344472]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-08-01 565248]
"FinePrint Dispatcher v5"="c:\windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-08-25 442368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AcronisTimounterMonitor"="e:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 960376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
"Jomantha"="c:\program files\n52te\n52teHid.exe" [2008-06-13 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="e:\scansoft\PaperPort\pptd40nt.exe" [2008-04-30 29984]
"IndexSearch"="e:\scansoft\PaperPort\IndexSearch.exe" [2008-04-30 46368]
"PPort11reminder"="e:\scansoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"TrkMonitor"="c:\program files\Canon Electronics\DR1210C\TrkMonitor.exe" [2008-04-24 86016]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"Zune Launcher"="g:\zune\ZuneLauncher.exe" [2008-12-12 157312]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-02-07 115560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2008-10-08 47104]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4167628224-1300899903-4152363779-1000]
"EnableNotificationsRef"=dword:00000001
.
2;2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R0 bbfbb;bbfbb;c:\windows\System32\drivers\pcpru.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2011-02-07 23888]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-05-21 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-21 691696]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2008-11-21 971232]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\Drivers\EBIOS32.SYS [2008-07-03 13922]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-09-24 99856]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,e7,0f,c7,c8,6c,f2,13,ef,2d,07,46,88,4c,ca,6d,dd,99,73,7f,11,
a4,52,ce,59,4d,ea,70,f4,c7,45,f9,0c,fe,96,88,5a,c9,6c,53,1d,75,3a,11,d1,83,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\JHSecure\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\conime.exe
e:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
e:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\System32\Ctxfihlp.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Logitech\SetPointG\SetPointII.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-03-05 19:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-06 00:37
ComboFix2.txt 2011-03-05 05:55
.
Pre-Run: 45,694,001,152 bytes free
Post-Run: 45,123,747,840 bytes free
.
- - End Of File - - 728D77F01B61D9B5B1C521708F7330EB


Hope everything's OK. Fingers crossed...
 
How is redirection?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The forum won't allow me to post the contents of OTL.txt and Extras.txt because of too many characters. Each log file has more than 50,000 characters. What should I do? Thanks.
 
If any log doesn't fit into a single reply, split it between a couple of replies.
 
OTL Part 1

OTL logfile created on: 3/5/2011 9:53:38 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Christian\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 41.01 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 34.08 Gb Free Space | 87.24% Space Free | Partition Type: NTFS
Drive E: | 39.07 Gb Total Space | 37.28 Gb Free Space | 95.42% Space Free | Partition Type: NTFS
Drive F: | 141.82 Gb Total Space | 27.81 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive G: | 139.73 Gb Total Space | 63.29 Gb Free Space | 45.30% Space Free | Partition Type: NTFS
Drive H: | 139.73 Gb Total Space | 115.00 Gb Free Space | 82.30% Space Free | Partition Type: NTFS
Drive I: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2011/02/07 09:11:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/02/07 09:11:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/02/07 09:11:34 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/02/07 09:11:34 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/02/07 09:11:34 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/26 21:51:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/10/26 21:51:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/10/14 20:09:30 | 000,451,152 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointG\SetPointII.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 11:41:06 | 000,157,312 | ---- | M] (Microsoft Corporation) -- G:\Zune\ZuneLauncher.exe
PRC - [2008/10/31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/13 12:22:10 | 000,960,376 | ---- | M] (Acronis) -- E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/10/13 12:16:50 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/10/13 12:16:44 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/13 12:00:16 | 004,344,472 | ---- | M] (Acronis) -- E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/10/07 22:41:36 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2008/10/07 22:37:38 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2008/06/13 11:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
PRC - [2008/04/24 12:27:52 | 000,086,016 | ---- | M] (Canon Electronics Inc.) -- C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe
PRC - [2007/10/29 06:49:06 | 000,734,472 | ---- | M] (Raxco Software, Inc.) -- e:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
PRC - [2007/10/29 06:48:58 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- e:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe
PRC - [2004/08/25 12:26:46 | 000,442,368 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe


========== Modules (SafeList) ==========

MOD - [2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
MOD - [2009/04/10 22:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
SRV - [2011/02/07 09:11:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/02/07 09:11:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/02/07 09:11:34 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/02/07 09:11:34 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/02/07 09:11:34 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/23 00:32:24 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/10/26 21:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/09/07 16:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/12/31 18:59:07 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/16 21:05:37 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/05/21 17:46:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/12/12 11:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/10/31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/10/13 12:16:44 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/29 06:49:06 | 000,734,472 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- e:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2007/10/29 06:48:58 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- e:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/22 18:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2006/10/09 21:11:08 | 000,724,992 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/03 23:25:08 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/02/15 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110305.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/02/15 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110305.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/07 09:11:38 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/02/07 09:11:36 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/02/07 09:11:36 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/02/07 09:11:36 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/02/07 09:11:36 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/02/07 09:11:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/02/07 09:11:32 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/02/07 09:11:32 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/02/07 09:11:32 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2011/02/07 09:11:32 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/26 22:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/10/26 22:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/10/26 21:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/10/18 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/18 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/24 07:46:12 | 000,099,856 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/06/21 00:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/06 04:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/11/10 06:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/25 08:50:56 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/04/10 20:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/04 22:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/11/21 00:37:35 | 000,971,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm147.sys -- (tdrpman147) Acronis Try&Decide and Restore Points filter (build 147)
DRV - [2008/11/21 00:37:26 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/11/21 00:37:26 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/21 00:37:16 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/10/08 00:22:04 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2008/10/08 00:22:02 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2008/10/08 00:22:00 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008/10/08 00:21:58 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/10/08 00:21:56 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008/10/08 00:21:54 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2008/10/08 00:21:50 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008/10/08 00:21:46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008/10/08 00:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2008/10/08 00:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2008/10/08 00:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2008/10/08 00:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2008/10/08 00:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2008/10/08 00:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/07/03 08:31:06 | 000,013,922 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\EBIOS32.SYS -- (EBIOS32)
DRV - [2007/10/22 06:33:40 | 000,068,624 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2007/10/05 09:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 09:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/09/27 14:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 17:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/08/01 17:25:06 | 000,128,144 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/12/22 03:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBICP.sys -- (uisp)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE CD B8 F7 42 DA CB 01 [binary data]
IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/10/22 06:58:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/03/03 03:18:59 | 000,000,000 | ---D | M]

[2008/11/22 03:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions
[2011/03/02 17:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions
[2009/10/16 21:32:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/08 17:45:35 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/02/08 17:45:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\engine@conduit.com
[2009/09/17 17:18:18 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\iaplayer@instantaction.com

O1 HOSTS File: ([2011/03/05 19:32:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrkMonitor] C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe (Canon Electronics Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Zune Launcher] G:\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} http://touch.imbc.com/ActiveX/iMBCOnlineService.cab (PlayerCue Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 21:52:32 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011/03/05 19:37:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/05 19:32:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/05 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
[2011/03/05 19:24:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/05 19:24:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/05 00:47:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/05 00:47:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/05 00:47:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/05 00:47:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/05 00:47:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/04 03:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/04 00:26:45 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\wpshelper.sys
[2011/03/03 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AhnLab
[2011/03/03 23:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AhnLab
[2011/03/03 23:25:11 | 000,357,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\Sysfer.dll
[2011/03/03 23:25:11 | 000,099,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2011/03/03 23:24:57 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/03/03 23:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2011/03/03 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Threat Expert
[2011/03/03 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/03/03 21:03:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\PC Tools
[2011/03/03 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/03/03 21:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/03 18:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/03 18:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/03/03 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Symantec
[2011/03/03 18:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/03/03 03:06:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
[2011/03/03 03:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/03/03 03:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/03/03 02:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/03 00:29:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/03/01 18:23:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/26 20:29:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Fender
[2011/02/26 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Fender
[2011/02/26 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fender FUSE
[2011/02/26 20:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fender
[2011/02/19 20:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/02/19 20:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/02/19 20:15:47 | 000,000,000 | ---D | C] -- C:\HP_P2050_full_solution_v6.1_AM-EMEA
[2011/02/08 17:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011/02/07 09:11:38 | 000,107,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2011/02/07 09:11:38 | 000,087,408 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2011/02/07 09:11:38 | 000,043,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\WPSDRVnt.sys
[2011/02/07 09:11:36 | 000,320,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys
[2011/02/07 09:11:36 | 000,284,720 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys
[2011/02/07 09:11:36 | 000,067,472 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\Teefer2.sys
[2011/02/07 09:11:36 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys
[2011/02/07 09:11:32 | 000,188,080 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys
[2011/02/07 09:11:32 | 000,145,968 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys
[2011/02/07 09:11:32 | 000,039,856 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys
[2011/02/07 09:11:32 | 000,038,448 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys
[2011/02/07 09:11:32 | 000,026,416 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys
[2011/02/07 09:11:32 | 000,023,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
[2011/02/07 09:11:32 | 000,012,720 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys
[2011/02/04 02:05:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2008/10/07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2008/10/07 22:23:46 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2017/02/25 12:37:16 | 000,535,537 | ---- | M] () -- C:\Users\Christian\Desktop\SV101988.JPG
[2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011/03/05 21:40:32 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 21:40:32 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 19:45:59 | 000,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/05 19:45:59 | 000,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/05 19:40:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/05 19:39:21 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-00211102}.rfx
[2011/03/05 19:39:21 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000002-00001102-00000005-00211102}.rfx
[2011/03/05 19:39:21 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000002-00001102-00000005-00211102}.rfx
[2011/03/05 19:38:50 | 000,002,335 | ---- | M] () -- C:\Users\Christian\Desktop\Excel.lnk
[2011/03/05 19:38:35 | 000,002,373 | ---- | M] () -- C:\Users\Christian\Desktop\Word.lnk
[2011/03/05 19:32:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/05 04:17:52 | 074,199,551 | ---- | M] () -- C:\Users\Christian\Desktop\SAVCE10.1.9CLT32.exe
[2011/03/05 04:17:12 | 051,418,805 | ---- | M] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_x64.zip
[2011/03/05 04:16:09 | 053,868,265 | ---- | M] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_32.zip
[2011/03/05 00:46:31 | 004,280,620 | R--- | M] () -- C:\Users\Christian\Desktop\ComboFix.exe
[2011/03/05 00:24:37 | 000,119,296 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2011/03/04 21:06:16 | 000,126,594 | ---- | M] () -- C:\Users\Christian\Desktop\L6.jpg
[2011/03/04 01:57:32 | 000,365,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/04 01:57:22 | 283,889,149 | ---- | M] () -- C:\Windows\System32\msvcache.dll
[2011/03/04 01:34:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/03 23:25:08 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/03/03 23:25:08 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/03/03 23:25:08 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/03/03 23:23:32 | 000,021,844 | ---- | M] () -- C:\Users\Christian\Documents\cc_20110303_232327.reg
[2011/03/03 23:22:17 | 139,861,102 | ---- | M] () -- C:\Users\Christian\Desktop\setupavas32.exe
[2011/03/03 22:14:26 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2011/02/23 02:45:28 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/02/19 20:37:11 | 000,180,736 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/19 20:29:18 | 000,173,092 | ---- | M] () -- C:\Windows\hppins13.dat
[2011/02/19 20:23:42 | 000,000,666 | ---- | M] () -- C:\Windows\hpntwksetup.ini
[2011/02/07 09:11:38 | 000,107,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2011/02/07 09:11:38 | 000,087,408 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2011/02/07 09:11:38 | 000,043,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WPSDRVnt.sys
[2011/02/07 09:11:36 | 000,357,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Sysfer.dll
[2011/02/07 09:11:36 | 000,320,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys
[2011/02/07 09:11:36 | 000,284,720 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys
[2011/02/07 09:11:36 | 000,099,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2011/02/07 09:11:36 | 000,067,472 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\Teefer2.sys
[2011/02/07 09:11:36 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys
[2011/02/07 09:11:36 | 000,007,351 | ---- | M] () -- C:\Windows\System32\drivers\srtspx.cat
[2011/02/07 09:11:36 | 000,007,351 | ---- | M] () -- C:\Windows\System32\drivers\srtspl.cat
[2011/02/07 09:11:36 | 000,007,347 | ---- | M] () -- C:\Windows\System32\drivers\srtsp.cat
[2011/02/07 09:11:36 | 000,001,430 | ---- | M] () -- C:\Windows\System32\drivers\srtspl.inf
[2011/02/07 09:11:36 | 000,001,421 | ---- | M] () -- C:\Windows\System32\drivers\srtspx.inf
[2011/02/07 09:11:36 | 000,001,415 | ---- | M] () -- C:\Windows\System32\drivers\srtsp.inf
[2011/02/07 09:11:32 | 000,188,080 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys
[2011/02/07 09:11:32 | 000,145,968 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys
[2011/02/07 09:11:32 | 000,039,856 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys
[2011/02/07 09:11:32 | 000,038,448 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys
[2011/02/07 09:11:32 | 000,026,416 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys
[2011/02/07 09:11:32 | 000,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
[2011/02/07 09:11:32 | 000,012,720 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys
[2011/02/07 09:11:32 | 000,010,537 | ---- | M] () -- C:\Windows\System32\drivers\coh_mon.cat
[2011/02/07 09:11:32 | 000,009,892 | ---- | M] () -- C:\Windows\System32\drivers\SymRedir.cat
[2011/02/07 09:11:32 | 000,001,356 | ---- | M] () -- C:\Windows\System32\drivers\SymRedir.inf
[2011/02/07 09:11:32 | 000,000,706 | ---- | M] () -- C:\Windows\System32\drivers\COH_Mon.inf
 
OTL Part 2

========== Files Created - No Company Name ==========

[2011/03/05 19:24:04 | 004,280,620 | R--- | C] () -- C:\Users\Christian\Desktop\ComboFix.exe
[2011/03/05 04:17:52 | 074,199,551 | ---- | C] () -- C:\Users\Christian\Desktop\SAVCE10.1.9CLT32.exe
[2011/03/05 04:17:12 | 051,418,805 | ---- | C] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_x64.zip
[2011/03/05 04:16:09 | 053,868,265 | ---- | C] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_32.zip
[2011/03/05 00:47:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/05 00:47:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/05 00:47:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/05 00:47:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/05 00:47:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/04 21:06:12 | 000,126,594 | ---- | C] () -- C:\Users\Christian\Desktop\L6.jpg
[2011/03/04 21:04:36 | 000,535,537 | ---- | C] () -- C:\Users\Christian\Desktop\SV101988.JPG
[2011/03/03 23:24:57 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/03/03 23:24:57 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/03/03 23:23:29 | 000,021,844 | ---- | C] () -- C:\Users\Christian\Documents\cc_20110303_232327.reg
[2011/03/03 23:22:17 | 139,861,102 | ---- | C] () -- C:\Users\Christian\Desktop\setupavas32.exe
[2011/02/19 20:20:58 | 000,173,092 | ---- | C] () -- C:\Windows\hppins13.dat
[2011/02/19 20:20:58 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat
[2011/02/19 20:15:58 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat
[2011/02/07 09:11:36 | 000,007,351 | ---- | C] () -- C:\Windows\System32\drivers\srtspx.cat
[2011/02/07 09:11:36 | 000,007,351 | ---- | C] () -- C:\Windows\System32\drivers\srtspl.cat
[2011/02/07 09:11:36 | 000,007,347 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.cat
[2011/02/07 09:11:36 | 000,001,430 | ---- | C] () -- C:\Windows\System32\drivers\srtspl.inf
[2011/02/07 09:11:36 | 000,001,421 | ---- | C] () -- C:\Windows\System32\drivers\srtspx.inf
[2011/02/07 09:11:36 | 000,001,415 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.inf
[2011/02/07 09:11:32 | 000,010,537 | ---- | C] () -- C:\Windows\System32\drivers\coh_mon.cat
[2011/02/07 09:11:32 | 000,009,892 | ---- | C] () -- C:\Windows\System32\drivers\SymRedir.cat
[2011/02/07 09:11:32 | 000,001,356 | ---- | C] () -- C:\Windows\System32\drivers\SymRedir.inf
[2011/02/07 09:11:32 | 000,000,706 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.inf
[2011/01/25 23:00:08 | 283,889,149 | ---- | C] () -- C:\Windows\System32\msvcache.dll
[2011/01/25 05:11:28 | 003,158,016 | ---- | C] () -- C:\Windows\System32\MpSigsvr.exe
[2011/01/25 05:05:44 | 001,094,144 | ---- | C] () -- C:\Windows\System32\Portax86.dll
[2010/12/20 16:22:36 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/22 00:53:57 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2010/10/15 01:24:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/09/22 13:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/17 13:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/07/24 19:35:09 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/06/21 00:04:44 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/06/21 00:04:44 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/06/01 22:01:03 | 000,002,703 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/05/27 11:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/03/20 17:27:56 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/02/26 20:29:06 | 000,026,931 | ---- | C] () -- C:\Windows\jimglib.dll
[2010/01/09 22:33:09 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/11/05 19:12:46 | 000,151,552 | ---- | C] () -- C:\Windows\System32\msrictoad.dll
[2009/09/26 20:19:36 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2170W.DAT
[2009/09/26 20:19:10 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2009/09/26 20:19:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009/07/30 21:33:55 | 000,004,905 | ---- | C] () -- C:\Windows\pixcache.ini
[2009/07/29 22:08:48 | 000,031,561 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/07/29 21:55:22 | 000,000,182 | ---- | C] () -- C:\Windows\setscan.ini
[2009/07/27 16:44:08 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/07/27 16:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/07/27 16:44:05 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/27 16:42:44 | 000,000,245 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/07/15 01:23:35 | 000,000,666 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009/06/14 22:24:18 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/14 22:24:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/14 22:23:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/14 22:23:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/09 22:08:43 | 000,009,846 | ---- | C] () -- C:\Windows\System32\mswintoae.dll
[2009/04/23 07:18:13 | 000,000,011 | ---- | C] () -- C:\Windows\wanpatan.ini
[2008/12/16 21:38:59 | 000,048,896 | ---- | C] () -- C:\Windows\System32\drivers\JmtFltr.sys
[2008/12/14 20:46:27 | 000,022,328 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\PnkBstrK.sys
[2008/12/05 00:26:47 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2008/12/05 00:26:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2008/12/05 00:26:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2008/11/24 14:15:28 | 000,000,086 | ---- | C] () -- C:\Windows\DrSaju.ini
[2008/11/24 14:12:57 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/11/22 03:13:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/22 02:08:27 | 000,180,736 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 00:43:49 | 000,144,896 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2008/11/21 00:43:49 | 000,071,168 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2008/11/20 23:43:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/11/20 22:04:15 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/11/20 21:51:42 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2008/11/20 21:45:57 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/10/28 20:41:09 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/07 23:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2008/10/07 22:41:40 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2008/10/07 22:26:38 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2008/10/07 22:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2008/09/12 20:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2008/08/19 17:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\System32\kill.ini
[2008/07/11 15:50:28 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008/07/11 15:40:54 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2008/07/11 15:40:54 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,365,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,598,350 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/11/21 01:21:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Acronis
[2010/09/30 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Amazon
[2010/09/30 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apowersoft
[2011/01/23 00:42:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Atlus
[2008/11/22 02:11:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Binary Fortress Software
[2011/01/01 22:05:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Bioshock2
[2009/07/30 21:33:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon Electronics
[2009/04/23 12:50:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
[2011/02/26 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Fender
[2009/09/17 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GarageGames
[2010/09/30 21:33:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GrabPro
[2009/07/29 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ISIS Drivers
[2008/12/05 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\KALiNKOsoft
[2010/06/01 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2010/12/22 23:41:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\n52te
[2010/09/30 21:40:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Orbit
[2011/01/25 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Passware
[2010/08/15 20:36:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PowerUp Software
[2010/09/30 21:33:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ProgSense
[2010/03/20 19:23:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Red Alert 3
[2010/04/23 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Red Alert 3 Uprising
[2009/07/29 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ScanSoft
[2008/11/28 00:48:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\URSoft
[2011/03/05 19:39:18 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/03/03 22:07:16 | 000,003,754 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/21 00:36:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/03/05 19:37:20 | 000,018,938 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/11/22 02:01:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/12 11:37:44 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2011/01/04 23:09:19 | 000,078,634 | ---- | M] () -- C:\M1319.log
[2010/06/29 20:01:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/11/22 02:01:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/05 19:40:14 | 3800,842,240 | -HS- | M] () -- C:\pagefile.sys
[2011/03/05 00:22:43 | 000,071,030 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_00.21.53_log.txt
[2011/03/05 00:43:20 | 000,139,902 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_00.38.08_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/06/14 22:31:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/04/15 17:33:02 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp093.DLL
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2007/12/09 19:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/11/20 22:51:42 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/16 22:56:26 | 000,000,221 | -HS- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/05 00:46:31 | 004,280,620 | R--- | M] () -- C:\Users\Christian\Desktop\ComboFix.exe
[2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011/03/05 04:17:52 | 074,199,551 | ---- | M] () -- C:\Users\Christian\Desktop\SAVCE10.1.9CLT32.exe
[2011/03/03 23:22:17 | 139,861,102 | ---- | M] () -- C:\Users\Christian\Desktop\setupavas32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2006/11/02 07:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/11/20 21:52:15 | 000,000,402 | -HS- | M] () -- C:\Users\Christian\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/19 20:29:18 | 000,000,724 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/06/01 22:01:04 | 000,002,703 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/03/20 17:27:56 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Files - Unicode (All) ==========
[2010/06/05 22:24:25 | 000,000,660 | ---- | M] ()(C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\온디스크.lnk
[2010/06/05 22:24:25 | 000,000,660 | ---- | C] ()(C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\온디스크.lnk
[2008/11/20 19:33:46 | 000,024,576 | ---- | C] ()(C:\Users\Christian\Documents\??? ??? ???? postprocess ??? ???? ???? ???.doc) -- C:\Users\Christian\Documents\게임이 설치된 폴더내에 postprocess 폴더에 압축풀어 넣으시면 됩니다.doc
[2008/11/20 19:33:44 | 000,033,792 | ---- | C] ()(C:\Users\Christian\Documents\D975XBX2 ????? ??? ?? ???????? ?????? ?? ???? ??? ?? ?? ?????.doc) -- C:\Users\Christian\Documents\D975XBX2 전압강하가 아니라 실제 바이오스셋팅값이 바이오스내에 있는 모니터링 측정값 보다 낮게 측정됩니다.doc
[2008/11/20 19:33:44 | 000,026,112 | ---- | C] ()(C:\Users\Christian\Documents\??? ?? ??????.doc) -- C:\Users\Christian\Documents\해결이 아닌 방지법입니다.doc
[2008/11/20 19:33:43 | 000,026,112 | ---- | C] ()(C:\Users\Christian\Documents\???? ?? ????.doc) -- C:\Users\Christian\Documents\다운받은 스킨 적용방법.doc
[2008/11/20 19:33:42 | 000,029,696 | ---- | C] ()(C:\Users\Christian\Documents\?? ??.doc) -- C:\Users\Christian\Documents\안경 처방.doc
[2008/11/20 19:33:41 | 000,031,232 | ---- | C] ()(C:\Users\Christian\Documents\???? ????.doc) -- C:\Users\Christian\Documents\안드레아 부회장님.doc
[2008/11/20 19:33:41 | 000,030,208 | ---- | C] ()(C:\Users\Christian\Documents\? ??? ??????.doc) -- C:\Users\Christian\Documents\심 기자님 안녕하십니까.doc
[2008/11/20 19:33:41 | 000,025,088 | ---- | C] ()(C:\Users\Christian\Documents\??.doc) -- C:\Users\Christian\Documents\제주.doc
[2008/11/20 19:33:41 | 000,000,237 | ---- | C] ()(C:\Users\Christian\Documents\xp????? ???.txt) -- C:\Users\Christian\Documents\xp프로폐셔널 시디키.txt
[2008/11/20 19:33:40 | 000,030,208 | ---- | C] ()(C:\Users\Christian\Documents\?? ?? ???2.doc) -- C:\Users\Christian\Documents\미국 출생 증명서2.doc
[2008/11/20 19:33:40 | 000,029,184 | ---- | C] ()(C:\Users\Christian\Documents\?? ?? ???.doc) -- C:\Users\Christian\Documents\미국 출생 증명서.doc
[2008/11/20 19:33:40 | 000,024,064 | ---- | C] ()(C:\Users\Christian\Documents\???.doc) -- C:\Users\Christian\Documents\위임장.doc
[2008/06/07 00:31:08 | 000,024,576 | ---- | M] ()(C:\Users\Christian\Documents\??? ??? ???? postprocess ??? ???? ???? ???.doc) -- C:\Users\Christian\Documents\게임이 설치된 폴더내에 postprocess 폴더에 압축풀어 넣으시면 됩니다.doc
[2008/02/15 01:32:50 | 000,026,112 | ---- | M] ()(C:\Users\Christian\Documents\??? ?? ??????.doc) -- C:\Users\Christian\Documents\해결이 아닌 방지법입니다.doc
[2008/01/22 21:34:20 | 000,033,792 | ---- | M] ()(C:\Users\Christian\Documents\D975XBX2 ????? ??? ?? ???????? ?????? ?? ???? ??? ?? ?? ?????.doc) -- C:\Users\Christian\Documents\D975XBX2 전압강하가 아니라 실제 바이오스셋팅값이 바이오스내에 있는 모니터링 측정값 보다 낮게 측정됩니다.doc
[2007/05/07 13:08:43 | 000,026,112 | ---- | M] ()(C:\Users\Christian\Documents\???? ?? ????.doc) -- C:\Users\Christian\Documents\다운받은 스킨 적용방법.doc
[2007/02/07 23:16:59 | 000,029,696 | ---- | M] ()(C:\Users\Christian\Documents\?? ??.doc) -- C:\Users\Christian\Documents\안경 처방.doc
[2006/03/06 22:29:37 | 000,031,232 | ---- | M] ()(C:\Users\Christian\Documents\???? ????.doc) -- C:\Users\Christian\Documents\안드레아 부회장님.doc
[2005/11/08 02:10:51 | 000,000,237 | ---- | M] ()(C:\Users\Christian\Documents\xp????? ???.txt) -- C:\Users\Christian\Documents\xp프로폐셔널 시디키.txt
[2005/10/06 17:24:07 | 000,030,208 | ---- | M] ()(C:\Users\Christian\Documents\? ??? ??????.doc) -- C:\Users\Christian\Documents\심 기자님 안녕하십니까.doc
[2005/09/17 12:59:22 | 000,025,088 | ---- | M] ()(C:\Users\Christian\Documents\??.doc) -- C:\Users\Christian\Documents\제주.doc
[2005/05/11 20:33:06 | 000,024,064 | ---- | M] ()(C:\Users\Christian\Documents\???.doc) -- C:\Users\Christian\Documents\위임장.doc
[2005/05/11 18:37:26 | 000,030,208 | ---- | M] ()(C:\Users\Christian\Documents\?? ?? ???2.doc) -- C:\Users\Christian\Documents\미국 출생 증명서2.doc
[2005/05/11 18:18:41 | 000,029,184 | ---- | M] ()(C:\Users\Christian\Documents\?? ?? ???.doc) -- C:\Users\Christian\Documents\미국 출생 증명서.doc
(C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???? 5.0) -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\사주박사 5.0

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Shortcut to NHL 2005.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\PASSWORDS.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyTheme.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySylvain.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySilver.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyGreen.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyBlue.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Violet.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My refrigerator stopped cooling on last Monday.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey 2.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Favorite Theme.theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My BLUE222.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Admin Theme.Theme:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\LInkSYS.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Home_Expense.doc.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Yahoo.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXXJRRebateEverything.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XPGAMES.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XP Corp Key.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WonJAE.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WIRELESSNETWORK.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Where can I get a license renewal application.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\What documents we need for processing your application.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WARWICK1.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\VisitingScholar.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\visaapp.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\View Participation by Instructor (Response).htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\USCIS' new photographic specifications.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Unlock Everything.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To The US Consulate.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To the dog owner.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Therese_de_Lisieux.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\There.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\TenureClock.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Tennis.xgp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Teaching & Research Application.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SUCCESSSUCCESS.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\STRESS.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Streamer.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Start.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SSCARD.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SpyKiller2003.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\spider.sav:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Soldering.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Serial Nero 6.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Searched terms.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SamuelStern.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Samsung.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Sales promotion tools such as limited time offer.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\RyePolice.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Rosalyn Washington.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ROCCO.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Reviews JCR.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Refinance.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\readme.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.prn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Prof Bagozzi.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\precision american hotrod 2.tif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Please complete the following information and eMail it back to us so that we.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list2.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PDFPro.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\pdf.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ParkingTicket.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Order.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OE6COMPACT.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OCR0001.wri:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NOISEPROBLEM.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NEW PC STUFF.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Neighbors****ingDog.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\myxbox.xgp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MyImageRobot.jsc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My wife had an accident this morning.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Violet 2.Theme:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My thoughts.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Resolutions in 2005.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Goals in 2004.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\mv619.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Murium.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTOGP2.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTHERBOARDUPGRADE.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MONKEY.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MKT3000.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Mistakes to be corrected on the contract.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MiltonLetter.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Milton.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MidGoOver.ppt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - readme.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - JRRebateEverything.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MEMORANDUMS FOR OFFICE HOURS.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Memo to instructors.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LINKSYS.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Limited Warranty.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\life.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LETTERtoALANA.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Let me raise an issue unique to international faculty.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Last.ppt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Kramer.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\KINGChess.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Katie.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\John Dugan Dean of Faculty.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\JCP Author Feedback Questionnaire.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ISO1.nri:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Is it possible for some Milton school cub scouts to visit your fire station.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IRB.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INVOICE.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Insurance.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INSINSINSINSINSINS.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IKEA.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I want to make an appointment for clean space installation.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I have a question about my order.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I had several services done at your dealership including brake pads replacement.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I got two estimates from two different auto body shops.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HyeongMinKimCV.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim Teaching & Research Application.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki2.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki1.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HUMANESocietyCall.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HumaneSociety.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\How To Adjust Your Rear Derailleur.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HomeMay.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Home_Expense.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HelenBurns.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\H1b.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Gulotta Barking Log.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Guest of.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GreenCardNoticeforWilliam.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GarySoldow.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GA Evaluation Form spr'05.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ING-DOG.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ingDavid.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From1.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FreedomCheat.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\For college.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Flood.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FinePrintHack.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FIFA SOCCER 2005.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fidelis Kim.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fender.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FENDER.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\fake brand pretestModified.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Eye.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EE1B~1.DOC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EdmondAddress.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Driver License.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\DogLEgal.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Dawn's20visit.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUCMort.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUC yesterday.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CubScout.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Crucifixion.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\COVER LETTER.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Corporate.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Company.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Communication.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Manual.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Install.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CloneCDRegisteration.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessOpening.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessMasterPerson.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CeilingStainPaint.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CAMRYSQEAUL.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\bookmark.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\baseball.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchhire.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchad3.psp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BaruchAd.psp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch2.psp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKINGDOG.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKING.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\August 18, 2005 (2).max:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ATI.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Asmodeusoft.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Application.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AMEX.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Address_Labels.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Adawareback.awb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AcrobatSerial.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\About Exam 2.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\aaw6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A log of the time I heard the dog constantly barking.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A letter to myself.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\958159504.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\602-750.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\529.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\38B9~1.DOC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\356B9~1.DOC:KAVICHS
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8303F807
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:333D43C5

< End of report >
 
Extras Part 1

OTL Extras logfile created on: 3/5/2011 9:53:38 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Christian\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 41.01 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 34.08 Gb Free Space | 87.24% Space Free | Partition Type: NTFS
Drive E: | 39.07 Gb Total Space | 37.28 Gb Free Space | 95.42% Space Free | Partition Type: NTFS
Drive F: | 141.82 Gb Total Space | 27.81 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive G: | 139.73 Gb Total Space | 63.29 Gb Free Space | 45.30% Space Free | Partition Type: NTFS
Drive H: | 139.73 Gb Total Space | 115.00 Gb Free Space | 82.30% Space Free | Partition Type: NTFS
Drive I: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4167628224-1300899903-4152363779-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A449B2D-9201-4D6C-823E-7837E9507E08}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{31917295-6414-407D-9CA1-86C3CDEDF4F0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3717B5E7-D09B-4FF3-B3C5-70A92E0A3CE9}" = lport=139 | protocol=6 | dir=in | app=system |
"{39E20A3D-70D3-46F6-A1CF-239B45A17D93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46FEB35B-537F-4616-9D04-E32267231CA7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6DE9D60A-24A5-46CC-9806-2F342B7B0F2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6F165447-0CAA-4114-9927-099A9A9925F5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{745218C9-7520-4637-A6A1-28CBD1BB61B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FA2B8B0-CAA4-48D9-B303-D86A8D9ECA10}" = rport=445 | protocol=6 | dir=out | app=system |
"{9057EC2E-7E82-4308-B35E-462AE802709B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4BE94AA-C06B-44AB-BB5B-E92AF891F760}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B68B89A7-393F-4F4B-90C3-BBF54C975B9C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C6F932A4-6A7A-482A-AA29-A64DFA18DE90}" = lport=138 | protocol=17 | dir=in | app=system |
"{D4BF33DA-98EC-414A-9440-D3CEB2E04C42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D56004EA-F6EC-4DBA-B539-6BE4EC24F478}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D590AE29-A997-442D-A983-9D39CDA87A1D}" = lport=445 | protocol=6 | dir=in | app=system |
"{DDA0B56F-E8AB-4BA4-B86C-F670B9F8DBD4}" = rport=137 | protocol=17 | dir=out | app=system |
"{E330D8D7-46A7-4EC1-B419-EDFAB5B81DA0}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA2202F8-DF10-4D56-A930-EFE60293F520}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047CF96C-8794-451A-B262-5ED63622425E}" = protocol=17 | dir=in | app=f:\celeris\virtual pool 3 dl\vp3.exe |
"{06947E0C-1A79-4B80-ADF8-1FD5DC1804D6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{0F4394E9-E685-4CE6-B99B-6EF61943E161}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{14D1ED2A-1B19-4757-8F88-A7E9FB6B6F6C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{19DDF383-0ECC-4F23-BFFC-FA627BE68D1A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2CD82828-DFB9-4985-8A19-87B32370AEEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{32A875DE-1775-4654-8994-0F67E946A132}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{33857D9E-0648-42FC-8101-25D517ED8FA6}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead space 2\deadspace2.exe |
"{406AEBDF-52BD-4993-B765-2635F81325C6}" = protocol=6 | dir=in | app=f:\celeris\virtual pool 3 dl\vp3.exe |
"{466A161A-1432-46F3-99BA-9222C16E9E61}" = protocol=17 | dir=in | app=f:\capcom\resident evil 5\re5dx9.exe |
"{5F7C1F97-8D87-4B88-8570-E123AAC0AEA4}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{6A5E9540-28BB-4B4E-8F0E-49323B343798}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{6E0D7416-9E9D-47B8-BDE4-39CAACC41852}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8270CA56-1017-4F66-847A-1D6B5C6DA779}" = protocol=6 | dir=in | app=f:\capcom\resident evil 5\re5dx10.exe |
"{83654B14-B870-4346-A2E9-CA5B0FEF64FF}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{923B4AE7-C489-4E07-AA07-E32E89C90048}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{9CB474BB-BA78-4EED-9277-494BFDF53DD5}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{A0EFAD37-34ED-4EFA-A7C9-D63E004D2FA8}" = protocol=6 | dir=in | app=f:\capcom\resident evil 5\re5dx9.exe |
"{A393D710-7F52-4529-8EF3-838B4EA8A445}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\droplitz\cascade.exe |
"{B63683FA-DA1A-4135-996E-E5B1B3852595}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BFC59E1F-68AF-4181-817A-5E101107434F}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{CDBEBBE7-8FAA-4475-A051-F823159EAB04}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead space 2\deadspace2.exe |
"{CE58A4CE-6174-4569-A88B-87B431CFC099}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E987E6D5-1305-4CD5-BC7E-8D2A34CF1A85}" = protocol=17 | dir=in | app=f:\capcom\resident evil 5\re5dx10.exe |
"{EEB9CCFE-0AE6-4AC4-8164-6B215004045E}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\droplitz\cascade.exe |
"{F90FE844-64EC-4A8A-8D87-C2D9E926BFBB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB98D36A-523C-413B-A6A9-3BFCA6AE2400}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{1539E03B-1DF2-4949-8DF9-FDCB75831B3D}E:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=e:\program files\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{55CA4E99-424C-4B5E-BBD6-7559F570D6CC}E:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=e:\program files\mozilla firefox\firefox.exe |
"TCP Query User{73B023A4-36ED-41F4-90C7-9B3BF8FBF435}E:\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=e:\orbitdownloader\orbitnet.exe |
"TCP Query User{81702A28-8EFC-407B-9850-09F9957F8BB2}I:\setup.exe" = protocol=6 | dir=in | app=i:\setup.exe |
"TCP Query User{ABEB631D-650E-47F7-BDE7-4E332524C376}C:\hp_lj1020-1022_full_solution\setup.exe" = protocol=6 | dir=in | app=c:\hp_lj1020-1022_full_solution\setup.exe |
"TCP Query User{D2920103-EBFB-4E0D-980A-C48EF00264A2}E:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=e:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{D83B6D94-55E8-4AB3-A0A1-D8FB6F89B0FA}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{F4E778D0-A407-4C57-8C8A-4555B3A9D907}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0E2D41F9-FB36-4D91-B091-A782A41DBDC2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{11282039-CAEF-4E35-95DC-83259718F7C9}E:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=e:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1DC374D2-D40A-4FD3-9DA0-B4C89F2C138C}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{44A93ABC-B3AA-4A8D-9F1F-071E7FF17164}E:\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=e:\orbitdownloader\orbitnet.exe |
"UDP Query User{4EFD922D-5BED-418B-8B64-A08669FB09B6}E:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=e:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{5229CB04-2110-4510-B761-F8D8F6BAF699}I:\setup.exe" = protocol=17 | dir=in | app=i:\setup.exe |
"UDP Query User{7251134A-1AFB-41D4-876E-E8261F0048B6}C:\hp_lj1020-1022_full_solution\setup.exe" = protocol=17 | dir=in | app=c:\hp_lj1020-1022_full_solution\setup.exe |
"UDP Query User{E255AE40-E256-40B0-A11D-268DD48AFD7E}E:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=e:\program files\nero\nero 7\nero home\nerohome.exe |
 
Extras Part 2!

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0C4D84F4-90EA-452B-A03F-700DE569ED48}" = DNE Update
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{147A9BB0-00EE-4032-BD01-981B5EDDB690}" = DR-1210C Job Tool
"{17D8DD6D-E1F9-F2CC-7CB4-6589129923CE}" = Catalyst Control Center Graphics Previews Vista
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{258236B1-6DFE-7363-E4C3-CDC6FCC03BF6}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3595DD89-873E-6911-4AF0-47542B5C8073}" = ATI Catalyst Install Manager
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3DB05083-3621-D206-CB9B-68E8CDB139AD}" = CCC Help English
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4733A394-F8D3-4394-857C-D9712386514E}" = ScanSoft PaperPort 11
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4C36BD6F-3C93-3ED7-A4EA-2D1D9A6E215B}" = Catalyst Control Center Graphics Previews Common
"{50A5C123-C294-4A61-9F5A-914F5700C147}" = Brother HL-2170W
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C457CDB-18B2-E0AA-F2DD-5A69AE2C0505}" = ccc-utility
"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1E6F5-180F-430D-AD8D-E3E4CA25BFC2}_is1" = YouTube Music Converter V1.3.8
"{A4C4EAEC-5751-11D6-8E4E-009027AA4188}" = PTC ProDESKTOP 8.0
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ADA6637C-88B5-D2D6-E017-8F7C000CAC3E}" = ccc-core-static
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BC214D-8B7D-4634-8834-8553B7B57944}" = Canon DR-1210C Driver
"{B6685367-A8AD-4414-A2A3-10B40EC5CF30}" = SharpKeys
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BBB7AEE0-AE78-44CC-8CD4-083B0B99EA80}" = Intel(R) Network Connections 14.5.1.0
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{CAC4891C-EF84-11DC-AF8C-00188BF89454}" = CommVault Systems DataArchiver Outlook Add-In (Instance001)
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F3B366-830E-4371-9130-A8D6BE751363}" = CapturePerfect 3.0
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Premium
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudioCS" = Creative Audio Control Panel
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 2.2.1
"Carom3D" = Carom3D
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20
"FileASSASSIN" = FileASSASSIN
"FinePrint" = FinePrint
"Fraps" = Fraps
"HD Tune_is1" = HD Tune 2.55
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"OpenAL" = OpenAL
"ordrumbox_is1" = ordrumbox-0.8.05
"PC Magazine's WinTidy_is1" = WinTidy 1.0.11
"pdfFactory Pro" = pdfFactory Pro
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel(R) Network Connections 14.5.1.0
"sp6" = Logitech SetPoint 6.20
"SPSS for Windows 11.5" = SPSS 11.5 for Windows
"SPT-667 Phrase Trainer_is1" = SPT-667 Phrase Trainer 1
"StarCraft" = StarCraft
"Steam App 23120" = Droplitz
"Steam App 40800" = Super Meat Boy
"Steam App 47780" = Dead Space 2
"The KMPlayer" = The KMPlayer (remove only)
"Unlocker" = Unlocker 1.8.7
"ViceVersa Pro_is1" = ViceVersa Pro 1.3.1
"VistaGlazz_is1" = VistaGlazz 1.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.6
"Zune" = Zune

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right-click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
    O3 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Shortcut to NHL 2005.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\PASSWORDS.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyTheme.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySylvain.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySilver.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyGreen.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyBlue.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Violet.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My refrigerator stopped cooling on last Monday.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey 2.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Favorite Theme.theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My BLUE222.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Admin Theme.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\LInkSYS.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Home_Expense.doc.lnk:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Yahoo.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXXJRRebateEverything.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XPGAMES.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XP Corp Key.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WonJAE.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WIRELESSNETWORK.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Where can I get a license renewal application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\What documents we need for processing your application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WARWICK1.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\VisitingScholar.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\visaapp.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\View Participation by Instructor (Response).htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\USCIS' new photographic specifications.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Unlock Everything.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To The US Consulate.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To the dog owner.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Therese_de_Lisieux.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\There.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\TenureClock.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Tennis.xgp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Teaching & Research Application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SUCCESSSUCCESS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\STRESS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Streamer.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Start.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SSCARD.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SpyKiller2003.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\spider.sav:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Soldering.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Serial Nero 6.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Searched terms.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SamuelStern.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Samsung.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Sales promotion tools such as limited time offer.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\RyePolice.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Rosalyn Washington.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ROCCO.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Reviews JCR.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Refinance.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\readme.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.prn:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Prof Bagozzi.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\precision american hotrod 2.tif:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Please complete the following information and eMail it back to us so that we.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list2.xls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list.xls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PDFPro.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\pdf.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ParkingTicket.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Order.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OE6COMPACT.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OCR0001.wri:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NOISEPROBLEM.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NEW PC STUFF.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Neighbors****ingDog.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\myxbox.xgp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MyImageRobot.jsc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My wife had an accident this morning.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Violet 2.Theme:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My thoughts.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Resolutions in 2005.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Goals in 2004.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\mv619.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Murium.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTOGP2.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTHERBOARDUPGRADE.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MONKEY.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MKT3000.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Mistakes to be corrected on the contract.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MiltonLetter.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Milton.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MidGoOver.ppt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - readme.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - JRRebateEverything.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MEMORANDUMS FOR OFFICE HOURS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Memo to instructors.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LINKSYS.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Limited Warranty.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\life.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LETTERtoALANA.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Let me raise an issue unique to international faculty.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Last.ppt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Kramer.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\KINGChess.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Katie.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\John Dugan Dean of Faculty.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\JCP Author Feedback Questionnaire.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ISO1.nri:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Is it possible for some Milton school cub scouts to visit your fire station.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IRB.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INVOICE.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Insurance.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INSINSINSINSINSINS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IKEA.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I want to make an appointment for clean space installation.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I have a question about my order.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I had several services done at your dealership including brake pads replacement.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I got two estimates from two different auto body shops.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HyeongMinKimCV.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim Teaching & Research Application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki2.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki1.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HUMANESocietyCall.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HumaneSociety.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\How To Adjust Your Rear Derailleur.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HomeMay.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Home_Expense.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HelenBurns.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\H1b.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Gulotta Barking Log.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Guest of.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GreenCardNoticeforWilliam.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GarySoldow.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GA Evaluation Form spr'05.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ING-DOG.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ingDavid.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From1.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FreedomCheat.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\For college.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Flood.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FinePrintHack.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FIFA SOCCER 2005.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fidelis Kim.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fender.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FENDER.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\fake brand pretestModified.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Eye.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EE1B~1.DOC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EdmondAddress.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Driver License.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\DogLEgal.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Dawn's20visit.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUCMort.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUC yesterday.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CubScout.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Crucifixion.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\COVER LETTER.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Corporate.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Company.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Communication.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Manual.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Install.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CloneCDRegisteration.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessOpening.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessMasterPerson.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CeilingStainPaint.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CAMRYSQEAUL.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\bookmark.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\baseball.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchhire.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchad3.psp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BaruchAd.psp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch2.psp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKINGDOG.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKING.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\August 18, 2005 (2).max:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ATI.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Asmodeusoft.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Application.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AMEX.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Address_Labels.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Adawareback.awb:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AcrobatSerial.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\About Exam 2.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\aaw6.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A log of the time I heard the dog constantly barking.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A letter to myself.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\958159504.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\602-750.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\529.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\38B9~1.DOC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\356B9~1.DOC:KAVICHS
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:B3D74A13
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:8927A071
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8303F807
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:333D43C5
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
========== OTL ==========
Service NOD32krn stopped successfully!
Service NOD32krn deleted successfully!
Registry value HKEY_USERS\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
ADS C:\Users\Christian\Documents\Shortcut to NHL 2005.lnk:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\PASSWORDS.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MyTheme.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MySylvain.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MySilver.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MyGreen.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MyBlue.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Violet.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My refrigerator stopped cooling on last Monday.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Grey.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Grey 2.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Favorite Theme.theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My BLUE222.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Admin Theme.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\LInkSYS.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Home_Expense.doc.lnk:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Yahoo.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\XXXJRRebateEverything.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\XXX.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\XXX.log:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\XPGAMES.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\XP Corp Key.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\WonJAE.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\WIRELESSNETWORK.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Where can I get a license renewal application.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\What documents we need for processing your application.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\WARWICK1.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Warwick.htm:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Warwick.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\VisitingScholar.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\visaapp.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\View Participation by Instructor (Response).htm:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\USCIS' new photographic specifications.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Unlock Everything.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\To.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\To The US Consulate.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\To the dog owner.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Therese_de_Lisieux.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\There.htm:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\TenureClock.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Tennis.xgp:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Teaching & Research Application.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\SUCCESSSUCCESS.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\STRESS.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Streamer.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Start.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\SSCARD.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\SpyKiller2003.exe:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\spider.sav:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Soldering.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Serial Nero 6.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Searched terms.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\SamuelStern.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Samsung.htm:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Sales promotion tools such as limited time offer.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\RyePolice.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Rosalyn Washington.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\ROCCO.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Reviews JCR.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Refinance.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\readme.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\qqq.prn:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\qqq.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\qqq.log:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Prof Bagozzi.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\precision american hotrod 2.tif:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Please complete the following information and eMail it back to us so that we.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\PhD list2.xls:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\PhD list.xls:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\PDFPro.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\pdf.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\ParkingTicket.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Order.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\OE6COMPACT.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\OCR0001.wri:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\NOISEPROBLEM.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\NEW PC STUFF.doc:KAVICHS deleted successfully.
Unable to delete ADS C:\Users\Christian\Documents\Neighbors****ingDog.doc:KAVICHS .
ADS C:\Users\Christian\Documents\myxbox.xgp:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MyImageRobot.jsc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My wife had an accident this morning.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Violet 2.Theme:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My thoughts.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Resolutions in 2005.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\My Goals in 2004.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\mv619.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Murium.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MOTOGP2.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MOTHERBOARDUPGRADE.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MONKEY.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MKT3000.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Mistakes to be corrected on the contract.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MiltonLetter.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Milton.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MidGoOver.ppt:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Microsoft Word - readme.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Microsoft Word - JRRebateEverything.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\MEMORANDUMS FOR OFFICE HOURS.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Memo to instructors.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\LINKSYS.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Limited Warranty.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\life.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\LETTERtoALANA.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Let me raise an issue unique to international faculty.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Last.ppt:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Kramer.txt:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\KINGChess.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Katie.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\John Dugan Dean of Faculty.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\JCP Author Feedback Questionnaire.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\ISO1.nri:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Is it possible for some Milton school cub scouts to visit your fire station.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\IRB.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\INVOICE.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Insurance.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\INSINSINSINSINSINS.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\IKEA.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\I.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\I want to make an appointment for clean space installation.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\I have a question about my order.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\I had several services done at your dealership including brake pads replacement.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\I got two estimates from two different auto body shops.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\HyeongMinKimCV.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Hyeong.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Hyeong Min.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Hyeong Min Kim.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Hyeong Min Kim Teaching & Research Application.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Hyeong Min Ki2.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Hyeong Min Ki1.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\HUMANESocietyCall.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\HumaneSociety.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\How To Adjust Your Rear Derailleur.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\HomeMay.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Home_Expense.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\HelenBurns.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\H1b.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Gulotta Barking Log.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Guest of.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\GreenCardNoticeforWilliam.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\GarySoldow.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\GA Evaluation Form spr'05.doc:KAVICHS deleted successfully.
Unable to delete ADS C:\Users\Christian\Documents\****ING-DOG.doc:KAVICHS .
Unable to delete ADS C:\Users\Christian\Documents\****ingDavid.doc:KAVICHS .
ADS C:\Users\Christian\Documents\From1.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\From.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\FreedomCheat.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\For college.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Flood.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\FinePrintHack.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\FIFA SOCCER 2005.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Fidelis Kim.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Fender.htm:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\FENDER.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\fake brand pretestModified.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Eye.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\EE1B~1.DOC:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\EdmondAddress.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Driver License.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\DogLEgal.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Dawn's20visit.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CUCMort.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CUC yesterday.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CubScout.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Crucifixion.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\COVER LETTER.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Corporate.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Company.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Communication.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CLP150Manual.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CLP150Install.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CloneCDRegisteration.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\ChessOpening.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\ChessMasterPerson.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CeilingStainPaint.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\CAMRYSQEAUL.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\bookmark.htm:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\baseball.pdf:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Baruchhire.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Baruchad3.psp:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\BaruchAd.psp:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Baruch2.psp:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Baruch.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\BARKINGDOG.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\BARKING.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\August 18, 2005 (2).max:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\ATI.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Asmodeusoft.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Application.txt:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\AMEX.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Address_Labels.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\Adawareback.awb:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\AcrobatSerial.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\About Exam 2.htm:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\aaw6.exe:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\A log of the time I heard the dog constantly barking.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\A letter to myself.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\958159504.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\602-750.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\529.doc:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\38B9~1.DOC:KAVICHS deleted successfully.
ADS C:\Users\Christian\Documents\356B9~1.DOC:KAVICHS deleted successfully.
ADS C:\ProgramData\TEMP:B3D74A13 deleted successfully.
ADS C:\ProgramData\TEMP:8927A071 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Windows\System32\zlib.dll:SummaryInformation deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\Windows\System32\zlib.dll:DocumentSummaryInformation deleted successfully.
ADS C:\ProgramData\TEMP:8303F807 deleted successfully.
ADS C:\ProgramData\TEMP:333D43C5 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.2 log created on 03062011_001448


Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec Endpoint Protection
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````


ESET log

E:\Program Files\Unlocker\eBay_shortcuts_1016.exe Win32/Adware.ADON application
F:\Steam\steamapps\common\bioshock 2\ntro-bs2.exe probably a variant of Win32/Bifrose.IRFFJML trojan
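
Added example, not part of any post in this thread and not OTL's own code: a fix log this long is mostly "deleted successfully" lines, so the few "Unable to delete ADS" and "not found" entries are easy to miss. The Python sketch below tallies alternate-data-stream results per stream name and lists the failures; the sample log is constructed in the format quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the OTL fix log quoted in this thread.
# Paths, the CLSID and the hex stream name are placeholders, not thread values.
SAMPLE_LOG = r"""========== OTL ==========
Service NOD32krn stopped successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
ADS C:\Users\Example\Documents\report.doc:KAVICHS deleted successfully.
ADS C:\Users\Example\Documents\notes.txt:KAVICHS deleted successfully.
Unable to delete ADS C:\Users\Example\Documents\****draft.doc:KAVICHS .
ADS C:\ProgramData\TEMP:0A1B2C3D deleted successfully.
ADS C:\Windows\System32\zlib.dll:SummaryInformation deleted successfully.
========== REGISTRY ==========
"""

ADS_OK = re.compile(r"^ADS (?P<target>.+) deleted successfully\.$")
ADS_FAIL = re.compile(r"^Unable to delete ADS (?P<target>.+?)\s*\.$")
NOT_FOUND = re.compile(r"^(?P<item>.+) not found\.$")


def split_stream(target):
    """Split 'C:\\dir\\file.ext:STREAM' into (path, stream name)."""
    path, sep, stream = target.rpartition(":")
    # No colon at all, or the only colon is the drive letter's: no stream part.
    if not sep or len(path) == 1:
        return target, ""
    return path, stream


def triage(log_text):
    """Summarise ADS results in an OTL fix log and collect what needs follow-up."""
    by_stream = Counter()      # (stream name, outcome) -> count
    failed = []                # (path, stream) OTL could not delete
    not_found = []             # items the fix script named but OTL did not find
    deleted = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        ok = ADS_OK.match(line)
        if ok:
            _, stream = split_stream(ok.group("target"))
            by_stream[(stream, "deleted")] += 1
            deleted += 1
            continue
        bad = ADS_FAIL.match(line)
        if bad:
            path, stream = split_stream(bad.group("target"))
            by_stream[(stream, "failed")] += 1
            failed.append((path, stream))
            continue
        missing = NOT_FOUND.match(line)
        if missing:
            not_found.append(missing.group("item"))
    return {
        "deleted": deleted,
        "failed": failed,
        "not_found": not_found,
        "by_stream": by_stream,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("ADS deleted:", result["deleted"])
    for (stream, outcome), count in sorted(result["by_stream"].items()):
        print(f"  {stream:<22} {outcome:<8} {count}")
    print("Needs follow-up:")
    for path, stream in result["failed"]:
        print(f"  could not delete {path}:{stream}")
    for item in result["not_found"]:
        print(f"  not found: {item}")
```
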
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    E:\Program Files\Unlocker\eBay_shortcuts_1016.exe 
    F:\Steam\steamapps\common\bioshock 2\ntro-bs2.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
My PC is doing great!

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
E:\Program Files\Unlocker\eBay_shortcuts_1016.exe moved successfully.
F:\Steam\steamapps\common\bioshock 2\ntro-bs2.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian
->Temp folder emptied: 51515475 bytes
->Temporary Internet Files folder emptied: 25110455 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 882 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73.00 mb


[EMPTYFLASH]

User: All Users

User: Christian
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03062011_125825

Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWN9M4V8\activex[1].htm moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWN9M4V8\style-nurse[1].htc moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VPG6N33\sh33[1].html moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VPG6N33\topic162041-2[1].html moved successfully.

Registry entries deleted on Reboot...




All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian
->Temp folder emptied: 32511 bytes
->Temporary Internet Files folder emptied: 2553977 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 5534674 bytes

Total Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: All Users

User: Christian
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.2 log created on 03062011_130351

Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y59G32U5\sh33[1].html moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R977MUO9\topic162041-2[1].html moved successfully.

Registry entries deleted on Reboot...
 