TechSpot

*Infected* rootkit.0access Trojans:Win32:Kryptik-KEG/zeroaccess/.FakeMS/.Delf/enchanim.gePUM.Hijack

Inactive
By herewegoagain
Oct 16, 2012
  1. Hi, my system is Windows XP using PC Tools Internet Security 2012.
    1st problem was PC Tools firewall always shuts off (must manually enable on system restart), then Windows Firewall was missing/removed along with the Windows Update service.
    I've done as much as I can with my resources and would appreciate much more expertise at this point.
    I've run various scans for rootkits/trojans and found many different variations using PC Tools, Malwarebytes, TDSSKiller, Security Check, FSS, aswMBR etc. Also heightened firewall / cp security, which at least stops most redirects and seems to have stabilized the cp for the moment.
    Whatever was found was removed... but I believe this goes too deep for me alone since registry/MBR have been infected. Last scan was aswMBR, which shows:
    C:\Documents and Settings\Owner\My Documents\7af3996f.exe **INFECTED** Win32:Kryptik-KEG [Trj]
    There still may be much more... please help? Thanks for your time.
     
  2. Jay Pfoutz (Malware Helper)

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

    • Download OTLPENet.exe to your desktop.
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive.
    • Double-click OTLPENet.exe and this will then open ImgBurn to burn the file to CD.
    • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads.
    • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy.
    • Insert the flash drive with FRST on it.
    • Locate the flash drive and run FRST.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the Search.txt logfile; please copy and paste the logs in your reply.
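
As an added illustration of what the FRST step above produces, here is a small Python triage script (written for this edit, not part of the thread or of FRST itself) that parses the file-listing and "MD5 is legit" check lines in the log format posted later in this thread and flags entries for human review; its heuristics are assumptions made here, not FRST rules.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not FRST's own code. It parses the
file-listing lines and the "Bamital & volsnap Check" lines in the format
visible in the posted log and applies defender-side review heuristics
(assumptions made here, not FRST rules) to show which entries need a look.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# <created> - <modified> - <size> <attrs> [(<company>)] <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# <path> => MD5 is legit   (any other verdict is treated as a failure)
MD5_LINE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")
# eight hex digits used as a file name, e.g. 7af3996f.exe
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.(exe|dll|sys|pad)$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    path: str
    size: int
    attrs: str
    company: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_file_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for any other line."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["path"], int(m["size"]), m["attrs"], m["company"])


def review(entry: Entry) -> Entry:
    """Attach review reasons to an entry (heuristics, not verdicts)."""
    name = entry.name.lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if HEX_NAME.match(name):
        entry.reasons.append("random-looking 8-hex-digit file name")
    if ext == "pad" and "T" in entry.attrs and entry.size > 1_000_000:
        entry.reasons.append("large .pad file carrying the temporary attribute")
    if ext in ("exe", "dll", "sys") and not (entry.company or "").strip():
        entry.reasons.append("executable with no vendor string")
    if ext == "sys" and "\\drivers\\" in entry.path.lower():
        entry.reasons.append("new kernel driver: confirm the vendor matches a tool you ran")
    return entry


def triage_log(text: str) -> Dict[str, list]:
    """Walk a log and collect flagged file entries and failed MD5 checks."""
    flagged: List[Entry] = []
    md5_failures: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_file_line(line)
        if entry is not None:
            if review(entry).reasons:
                flagged.append(entry)
            continue
        m = MD5_LINE.match(line)
        if m and m["verdict"].strip() != "legit":
            md5_failures.append(m["path"])
    return {"flagged": flagged, "md5_failures": md5_failures}


# Sample input: the file lines are copied from the log posted in this thread;
# the final MD5 line is constructed to exercise the failure path.
SAMPLE_LOG = r"""
2012-10-16 18:13 - 2012-10-16 18:13 - 00000000 ____D C:\FRST
2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
2012-10-14 05:09 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is not legit (constructed sample)
"""

if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    for e in result["flagged"]:
        print(e.path)
        for r in e.reasons:
            print("   -", r)
    for p in result["md5_failures"]:
        print("MD5 check failed:", p)
```

A hit from these heuristics is a prompt to check the file's signature and origin, not a verdict; the driver from a known scanner vendor in the sample shows why the vendor string is part of the review.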
     
  3. herewegoagain (Topic Starter)

    Thanks, here's the text info:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
    Ran by SYSTEM at 16-10-2012 18:13:56
    Running from I:\
    Microsoft Windows XP (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
    HKLM\...\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui [348160 2006-03-15] (TP-LINK TECHNOLOGIES CO., LTD)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2004-07-12] (NVIDIA Corporation)
    HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [4112384 2004-07-12] (NVIDIA Corporation)
    HKLM\...\Run: [nwiz] nwiz.exe /install [x]
    HKLM\...\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [131072 2004-06-04] (NVIDIA Corporation)
    HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
    HKLM\...\Run: [PCTools FW] C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FirewallGUI.exe [x]
    HKLM\...\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
    HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 167.206.254.1 167.206.254.2
    ==================== Services (Whitelisted) ===================
    2 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-08-05] ()
    3 brmfrmps; "C:\WINDOWS\system32\Brmfrmps.exe" -service [65536 2003-05-05] (Brother Industries, Ltd.)
    3 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)
    3 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
    2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    3 QuikSync; C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [13312 2010-07-01] ()
    2 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
    2 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
    3 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-14] (Secunia)
    4 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-10-14] (Secunia)
    3 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [113200 2009-10-22] (VMware, Inc.)
    3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2009-10-22] (VMware, Inc.)
    3 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-22] (VMware, Inc.)
    3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2009-10-22] (VMware, Inc.)
    3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
    3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
    3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
    4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
    2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]
    4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
    2 PCToolsFirewallPlus; C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FWService.exe [x]
    3 ufad-ws60; "C:\Program Files\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Player\\" -s ufad-p2v.xml [x]
    ==================== Drivers (Whitelisted) ====================
    2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17801 2011-11-27] (Meetinghouse Data Communications)
    3 AR5523; C:\Windows\System32\DRIVERS\ar5523.sys [360288 2006-01-16] (Atheros Communications, Inc.)
    3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15263 2003-12-19] (Brother Industries Ltd.)
    2 hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys [32304 2009-10-22] (VMware, Inc.)
    3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
    3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
    3 nvax; C:\Windows\System32\drivers\nvax.sys [48640 2004-05-25] (NVIDIA Corporation)
    3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
    3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2004-05-16] (NVIDIA Corporation)
    3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [396032 2004-05-25] (NVIDIA Corporation)
    0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21760 2004-04-01] (NVIDIA Corporation)
    1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
    2 PCTAppEvent; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys [162584 2012-04-23] (PC Tools)
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
    3 PCTFW-PacketFilter; \??\C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys [91648 2012-04-19] (PC Tools)
    1 pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys [254944 2012-06-22] (PC Tools)
    3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
    3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
    3 pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys [125920 2012-06-22] (PC Tools)
    3 pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys [70568 2012-06-22] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
    3 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2011-11-27] (New Boundary Technologies, Inc.)
    3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
    3 QslFsFltr; C:\Windows\System32\DRIVERS\QslFsFltr.sys [12672 2010-07-01] (Windows (R) Win 7 DDK provider)
    3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [40724 2004-10-20] (Alcor Micro Corp.)
    3 SunkFilt39; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys [42968 2004-10-18] (Alcor Micro Corp.)
    2 vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys [70704 2009-10-22] (VMware, Inc.)
    3 vmkbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2009-10-22] (VMware, Inc.)
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-22] (VMware, Inc.)
    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2009-10-22] (VMware, Inc.)
    2 VMnetuserif; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2009-10-22] (VMware, Inc.)
    2 VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys [14896 2009-10-22] (VMware, Inc.)
    2 vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys [853936 2009-10-22] (VMware, Inc.)
    2 vstor2-mntapi10; \??\C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [22576 2009-11-03] (VMware, Inc.)
    2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
    3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [91136 2008-08-11] (ZOOM)
    4 Abiosdsk; [x]
    4 Atdisk; [x]
    1 Changer; [x]
    1 lbrtfdc; [x]
    1 PCIDump; [x]
    3 PDCOMP; [x]
    3 PDFRAME; [x]
    3 PDRELI; [x]
    3 PDRFRAME; [x]
    4 Simbad; [x]
    3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
    3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
    3 WDICA; [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2012-10-16 18:13 - 2012-10-16 18:13 - 00000000 ____D C:\FRST
    2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
    2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
    2012-10-16 02:59 - 2012-10-16 02:59 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
    2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
    2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-15 04:26 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-14 20:31 - 2012-10-15 19:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-10-14 16:13 - 2012-10-14 16:13 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-10-14 16:09 - 2012-10-14 16:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
    2012-10-14 15:55 - 2012-10-14 15:55 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\DriverCure
    2012-10-14 15:54 - 2012-10-14 15:54 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
    2012-10-14 05:09 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
    2012-10-14 04:21 - 2012-10-14 04:21 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2012-10-14 04:20 - 2012-10-14 04:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
    2012-10-13 09:13 - 2012-10-16 03:18 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
    2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
    2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
    2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
    2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
    2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
    2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
    2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
    2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
    2012-10-09 05:28 - 2012-10-09 05:44 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
    2012-10-09 05:04 - 2012-10-09 05:04 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
    2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
    2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
    2012-10-08 01:49 - 2012-10-08 01:50 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\2csg+xl Turbo Lister2
    2012-10-06 00:44 - 2012-10-06 00:44 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\sm 7-24 Turbo Lister2
    2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106.dll
    2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd106.dll
    2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101b.dll
    2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd101b.dll
    2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
    2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
    2012-09-24 04:23 - 2012-09-24 04:23 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Spam Monitor
    2012-09-24 04:22 - 2012-06-22 11:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-09-24 04:22 - 2012-06-22 11:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-09-24 04:22 - 2012-06-22 11:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-09-24 04:22 - 2012-06-22 11:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
    2012-09-24 04:22 - 2012-06-22 11:38 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-09-24 04:22 - 2012-06-22 10:43 - 00003488 ____A C:\Windows\UDB.zip
    2012-09-24 04:22 - 2012-06-22 10:43 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-09-24 04:22 - 2012-06-22 10:43 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-09-24 04:22 - 2012-06-22 10:43 - 00000131 ____A C:\Windows\IDB.zip
    2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
    2012-09-24 04:21 - 2012-06-22 15:33 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
    2012-09-24 04:21 - 2012-06-22 15:29 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
    2012-09-24 04:20 - 2012-09-24 04:20 - 00000000 ____D C:\Program Files\PC Tools
    2012-09-24 04:20 - 2012-06-22 15:35 - 00125920 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw.sys
    2012-09-24 04:20 - 2012-06-22 15:35 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
    2012-09-24 04:20 - 2012-04-19 09:56 - 00091648 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter.sys
    2012-09-24 04:20 - 2011-07-08 09:55 - 00032936 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-DNS.sys
    2012-09-24 04:20 - 2010-07-08 08:49 - 00057536 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis.sys
    2012-09-24 04:18 - 2012-04-23 12:36 - 00383368 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
    2012-09-24 04:18 - 2012-04-23 12:36 - 00162584 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
    2012-09-24 04:18 - 2012-02-28 11:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
    2012-09-24 04:18 - 2012-02-28 11:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
    2012-09-24 03:53 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
    2012-09-24 03:19 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
    2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
    2012-09-21 04:15 - 2012-09-21 04:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\File Recover
    2012-09-21 04:12 - 2012-09-21 04:12 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Product_FR
    2012-09-21 02:22 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
    2012-09-21 01:57 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
    2012-09-21 01:53 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
    2012-09-21 01:47 - 2012-09-21 01:47 - 00000000 ____D C:\Program Files\VS Revo Group
    2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
    2012-09-20 15:29 - 2012-09-20 15:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
    2012-09-20 15:03 - 2012-09-20 13:52 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
    2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
    2012-09-20 13:52 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
    2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
    ==================== 3 Months Modified Files ==================
    2012-10-16 17:03 - 2004-08-26 14:08 - 00031906 ____A C:\Windows\SchedLgU.Txt
    2012-10-16 17:03 - 2004-08-26 14:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-16 17:03 - 2004-08-26 14:02 - 01343160 ____A C:\Windows\WindowsUpdate.log
    2012-10-16 17:03 - 2004-08-26 06:58 - 00000214 ____A C:\Windows\wiadebug.log
    2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    2012-10-16 15:26 - 2011-12-01 15:57 - 00000049 ____A C:\Windows\NeroDigital.ini
    2012-10-16 15:16 - 2004-08-26 06:58 - 00000050 ____A C:\Windows\wiaservc.log
    2012-10-16 15:13 - 2011-11-27 01:11 - 00004452 ____A C:\Windows\System32\nvapps.xml
    2012-10-16 15:12 - 2004-08-26 14:09 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
    2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
    2012-10-16 05:00 - 2011-12-08 05:09 - 00000314 ____A C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    2012-10-16 03:25 - 2004-08-26 12:12 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
    2012-10-16 03:18 - 2012-10-13 09:13 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
    2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
    2012-10-15 21:17 - 2011-11-27 11:59 - 00000237 ____A C:\Documents and Settings\Owner\Desktop\CSG Pay.url
    2012-10-15 14:29 - 2011-11-27 02:27 - 01150717 ____A C:\Windows\setupapi.log
    2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
    2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
    2012-10-15 09:00 - 2011-12-08 05:08 - 00000348 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-14 15:01 - 2011-12-01 16:02 - 00000378 ____A C:\Documents and Settings\Owner\Desktop\My eBay Watch List.url
    2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
    2012-10-13 07:57 - 2012-10-13 07:52 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
    2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
    2012-10-12 07:13 - 2011-11-28 07:47 - 00003510 ____A C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
    2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
    2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
    2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
    2012-10-09 05:44 - 2012-10-09 05:28 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
    2012-10-09 05:04 - 2011-11-27 02:43 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-09 05:04 - 2011-11-27 02:43 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
    2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
    2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
    2012-10-04 20:16 - 2011-12-06 21:09 - 00000416 ____A C:\Documents and Settings\Owner\My Documents\spider.sav
    2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
    2012-10-01 22:26 - 2011-12-31 10:49 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
    2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
    2012-09-24 04:43 - 2012-03-27 01:59 - 00601593 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
    2012-09-24 03:53 - 2012-10-14 05:09 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
    2012-09-24 03:19 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
    2012-09-24 02:29 - 2004-08-26 14:04 - 00002577 ____A C:\Windows\System32\CONFIG.NT
    2012-09-23 03:43 - 2011-12-08 16:45 - 00000462 ____A C:\Windows\BRWMARK.INI
    2012-09-23 03:43 - 2011-12-08 16:45 - 00000079 ____A C:\Windows\BRPP2KA.INI
    2012-09-21 14:18 - 2012-09-07 04:04 - 00000331 ____A C:\Documents and Settings\Owner\Desktop\Teachers Federal Credit Union - The Educated Choice.url
    2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
    2012-09-21 02:22 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
    2012-09-21 01:57 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
    2012-09-21 01:53 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
    2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
    2012-09-20 15:13 - 2004-08-26 12:12 - 00001170 ____A C:\Windows\System32\wpa.dbl
    2012-09-20 15:03 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
    2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
    2012-09-20 13:52 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
    2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
    2012-09-14 03:50 - 2012-09-14 03:50 - 00090112 ____A C:\Windows\Minidump\Mini091412-01.dmp
    2012-09-09 01:10 - 2012-09-09 01:10 - 00000187 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to USB DISK (K).lnk
    2012-09-07 17:04 - 2012-10-15 04:26 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-05 06:08 - 2012-09-05 06:08 - 00028591 ____A C:\Documents and Settings\Owner\Desktop\Repertoire_Template.xlsx
    2012-08-31 01:50 - 2012-08-31 01:50 - 00090112 ____A C:\Windows\Minidump\Mini083112-01.dmp
    2012-08-28 16:13 - 2012-08-28 16:13 - 00090112 ____A C:\Windows\Minidump\Mini082812-01.dmp
    2012-08-27 02:25 - 2012-08-27 02:25 - 00090112 ____A C:\Windows\Minidump\Mini082712-01.dmp
    2012-08-16 14:27 - 2011-12-07 18:38 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-08-15 03:43 - 2011-12-01 16:16 - 00005561 ____A C:\InstallHelper.log
    2012-08-15 03:42 - 2012-08-15 03:42 - 00001770 ____A C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
    2012-08-11 11:15 - 2012-08-11 11:15 - 00090112 ____A C:\Windows\Minidump\Mini081112-01.dmp
    2012-07-30 14:08 - 2012-09-20 13:52 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
    2012-07-29 02:38 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120730-140807.backup
    2012-07-29 01:16 - 2012-07-29 02:38 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120729-023855.backup
    2012-07-28 18:34 - 2012-03-31 16:02 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
    2012-07-28 14:10 - 2004-08-26 14:00 - 00096341 ____A C:\Windows\wmsetup.log
    2012-07-28 14:03 - 2012-03-31 09:05 - 00000118 ____A C:\SmartInstaller.log
    2012-07-28 13:57 - 2004-08-26 14:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
    2012-07-26 02:50 - 2012-07-26 02:50 - 00090112 ____A C:\Windows\Minidump\Mini072612-01.dmp
    2012-07-23 15:05 - 2004-08-26 12:12 - 00000532 ____A C:\Windows\win.ini
    2012-07-23 15:05 - 2004-08-26 12:12 - 00000227 ____A C:\Windows\system.ini
    2012-07-23 15:05 - 2004-08-26 12:12 - 00000210 __ASH C:\boot.ini
    2012-07-21 13:59 - 2012-03-29 05:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-21 13:59 - 2011-12-02 22:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points (XP) =====================
    RP: -> 2012-10-15 21:10 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP370
    RP: -> 2012-10-15 01:58 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP368
    RP: -> 2012-10-14 17:30 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP367
    RP: -> 2012-10-14 16:13 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP366
    RP: -> 2012-10-13 16:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP365
    RP: -> 2012-10-12 16:26 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP364
    RP: -> 2012-10-11 15:55 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363
    RP: -> 2012-10-10 15:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP362
    RP: -> 2012-10-09 15:06 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP361
    RP: -> 2012-10-08 13:35 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP360
    RP: -> 2012-10-07 10:37 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP359
    RP: -> 2012-10-06 05:15 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP358
    RP: -> 2012-10-05 04:23 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP357
    RP: -> 2012-10-03 22:52 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP356

    ==================== Memory info ===========================
    Percentage of memory in use: 26%
    Total physical RAM: 959.48 MB
    Available physical RAM: 708.77 MB
    Total Pagefile: 859.05 MB
    Available Pagefile: 759.11 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2002.18 MB
    ==================== Partitions =============================
    1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    2 Drive c: () (Fixed) (Total:69.61 GB) (Free:34.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
    7 Drive h: (RECOVERY) (Fixed) (Total:4.91 GB) (Free:2.88 GB) FAT32
    8 Drive I: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.55 GB) FAT
    9 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 75 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 5036 MB 32 KB
    Partition 2 Primary 70 GB 5036 MB
    =========================================================
    Disk: 0
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 H RECOVERY FAT32 Partition 5036 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 70 GB Healthy
    =========================================================
    ==================== End Of Log ============================
     
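Added example, not part of the original post and not FRST's own code: a small Python triage pass over FRST "Created Files" / "Modified Files" lines like the ones above. The sample lines are copied from the logs in this thread; the heuristics (very large file with the Temporary attribute, a file dropped straight into the All Users\Application Data root, an 8-hex-digit random-looking name, an executable outside Windows/Program Files that is not a Desktop download) are generic analyst rules of thumb, not a signature for any family. A hit is a prompt to look closer, not a verdict: the 07292517.sys hit, for instance, is TDSSKiller's own driver, created in the same minute as C:\TDSSKiller_Quarantine. The meaning assigned to the attribute letters is assumed from the flag column.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST file-listing line looks like (copied from the log above):
#   2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\...\87e2d931.pad
#   2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\...\07292517.sys
# Fields: created, modified, size, five attribute flags, optional "(Company)"
# taken from the PE version resource, then the full path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) (?=[A-Za-z]:\\))?"  # lazy: company may hold spaces/commas
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Assumed meaning of the attribute column: D directory, A archive, R read-only,
# S system, H hidden, C compressed, T temporary; "_" means not set.
RANDOM_HEX_NAME = re.compile(r"^[0-9a-f]{8}\.(exe|dll|sys|pad|tmp)$", re.I)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
LARGE = 50 * 1024 * 1024  # 50 MB


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST file-listing line; return None for headers/other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m["company"].strip() if m["company"] else None
    return Entry(m["created"], m["modified"], int(m["size"]), m["attrs"], company, m["path"])


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Return the list of heuristic reasons this entry deserves a second look."""
    reasons: List[str] = []
    if "D" in entry.attrs:          # directories are not judged here
        return reasons
    path = entry.path.lower()
    parent, _, name = path.rpartition("\\")
    if "T" in entry.attrs and entry.size >= LARGE:
        reasons.append("large file carrying the Temporary attribute")
    if parent.endswith("\\all users\\application data"):
        reasons.append("file dropped directly in the All Users\\Application Data root")
    if RANDOM_HEX_NAME.match(name):
        reasons.append("8-hex-digit random-looking file name")
    if name.endswith(EXEC_EXT) and not path.startswith(SYSTEM_DIRS) and "\\desktop\\" not in path:
        reasons.append("executable outside Windows/Program Files (not a Desktop download)")
    # The "(Company)" string is whatever the file's version resource claims, so it is
    # attacker-controlled and is deliberately NOT used to suppress a hit.
    return reasons


def suspicious(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    hits: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        r = triage(e)
        if r:
            hits[e.path] = r
    return hits


# Sample input: lines copied from the FRST logs in this thread.
SAMPLE = r"""
2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
2012-10-16 02:59 - 2012-10-16 02:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
2012-10-09 05:28 - 2012-10-09 05:44 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
2012-07-21 13:59 - 2012-03-29 05:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
"""

if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it over a saved FRST.txt by reading the file into `suspicious()`; the parser ignores every line that is not a file-listing entry, so the whole log can be fed in unchanged.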
  4. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Here's the Search.txt info:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
    Ran by SYSTEM at 16-10-2012 18:13:56
    Running from I:\
    Microsoft Windows XP (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
    HKLM\...\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui [348160 2006-03-15] (TP-LINK TECHNOLOGIES CO., LTD)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2004-07-12] (NVIDIA Corporation)
    HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [4112384 2004-07-12] (NVIDIA Corporation)
    HKLM\...\Run: [nwiz] nwiz.exe /install [x]
    HKLM\...\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [131072 2004-06-04] (NVIDIA Corporation)
    HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
    HKLM\...\Run: [PCTools FW] C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FirewallGUI.exe [x]
    HKLM\...\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
    HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 167.206.254.1 167.206.254.2
    ==================== Services (Whitelisted) ===================
    2 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-08-05] ()
    3 brmfrmps; "C:\WINDOWS\system32\Brmfrmps.exe" -service [65536 2003-05-05] (Brother Industries, Ltd.)
    3 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)
    3 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
    2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    3 QuikSync; C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [13312 2010-07-01] ()
    2 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
    2 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
    3 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-14] (Secunia)
    4 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-10-14] (Secunia)
    3 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [113200 2009-10-22] (VMware, Inc.)
    3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2009-10-22] (VMware, Inc.)
    3 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-22] (VMware, Inc.)
    3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2009-10-22] (VMware, Inc.)
    3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
    3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
    3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
    4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
    2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]
    4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
    2 PCToolsFirewallPlus; C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FWService.exe [x]
    3 ufad-ws60; "C:\Program Files\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Player\\" -s ufad-p2v.xml [x]
    ==================== Drivers (Whitelisted) ====================
    2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17801 2011-11-27] (Meetinghouse Data Communications)
    3 AR5523; C:\Windows\System32\DRIVERS\ar5523.sys [360288 2006-01-16] (Atheros Communications, Inc.)
    3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15263 2003-12-19] (Brother Industries Ltd.)
    2 hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys [32304 2009-10-22] (VMware, Inc.)
    3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
    3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
    3 nvax; C:\Windows\System32\drivers\nvax.sys [48640 2004-05-25] (NVIDIA Corporation)
    3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
    3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2004-05-16] (NVIDIA Corporation)
    3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [396032 2004-05-25] (NVIDIA Corporation)
    0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21760 2004-04-01] (NVIDIA Corporation)
    1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
    2 PCTAppEvent; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys [162584 2012-04-23] (PC Tools)
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
    3 PCTFW-PacketFilter; \??\C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys [91648 2012-04-19] (PC Tools)
    1 pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys [254944 2012-06-22] (PC Tools)
    3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
    3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
    3 pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys [125920 2012-06-22] (PC Tools)
    3 pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys [70568 2012-06-22] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
    3 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2011-11-27] (New Boundary Technologies, Inc.)
    3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
    3 QslFsFltr; C:\Windows\System32\DRIVERS\QslFsFltr.sys [12672 2010-07-01] (Windows (R) Win 7 DDK provider)
    3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [40724 2004-10-20] (Alcor Micro Corp.)
    3 SunkFilt39; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys [42968 2004-10-18] (Alcor Micro Corp.)
    2 vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys [70704 2009-10-22] (VMware, Inc.)
    3 vmkbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2009-10-22] (VMware, Inc.)
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-22] (VMware, Inc.)
    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2009-10-22] (VMware, Inc.)
    2 VMnetuserif; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2009-10-22] (VMware, Inc.)
    2 VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys [14896 2009-10-22] (VMware, Inc.)
    2 vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys [853936 2009-10-22] (VMware, Inc.)
    2 vstor2-mntapi10; \??\C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [22576 2009-11-03] (VMware, Inc.)
    2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
    3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [91136 2008-08-11] (ZOOM)
    4 Abiosdsk; [x]
    4 Atdisk; [x]
    1 Changer; [x]
    1 lbrtfdc; [x]
    1 PCIDump; [x]
    3 PDCOMP; [x]
    3 PDFRAME; [x]
    3 PDRELI; [x]
    3 PDRFRAME; [x]
    4 Simbad; [x]
    3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
    3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
    3 WDICA; [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2012-10-16 18:13 - 2012-10-16 18:13 - 00000000 ____D C:\FRST
    2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
    2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
    2012-10-16 02:59 - 2012-10-16 02:59 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
    2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
    2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-15 04:26 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-14 20:31 - 2012-10-15 19:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-10-14 16:13 - 2012-10-14 16:13 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-10-14 16:09 - 2012-10-14 16:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
    2012-10-14 15:55 - 2012-10-14 15:55 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\DriverCure
    2012-10-14 15:54 - 2012-10-14 15:54 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
    2012-10-14 05:09 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
    2012-10-14 04:21 - 2012-10-14 04:21 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2012-10-14 04:20 - 2012-10-14 04:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
    2012-10-13 09:13 - 2012-10-16 03:18 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
    2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
    2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
    2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
    2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
    2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
    2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
    2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
    2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
    2012-10-09 05:28 - 2012-10-09 05:44 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
    2012-10-09 05:04 - 2012-10-09 05:04 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
    2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
    2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
    2012-10-08 01:49 - 2012-10-08 01:50 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\2csg+xl Turbo Lister2
    2012-10-06 00:44 - 2012-10-06 00:44 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\sm 7-24 Turbo Lister2
    2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106.dll
    2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd106.dll
    2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101b.dll
    2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd101b.dll
    2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
    2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
    2012-09-24 04:23 - 2012-09-24 04:23 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Spam Monitor
    2012-09-24 04:22 - 2012-06-22 11:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-09-24 04:22 - 2012-06-22 11:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-09-24 04:22 - 2012-06-22 11:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-09-24 04:22 - 2012-06-22 11:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
    2012-09-24 04:22 - 2012-06-22 11:38 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-09-24 04:22 - 2012-06-22 10:43 - 00003488 ____A C:\Windows\UDB.zip
    2012-09-24 04:22 - 2012-06-22 10:43 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-09-24 04:22 - 2012-06-22 10:43 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-09-24 04:22 - 2012-06-22 10:43 - 00000131 ____A C:\Windows\IDB.zip
    2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
    2012-09-24 04:21 - 2012-06-22 15:33 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
    2012-09-24 04:21 - 2012-06-22 15:29 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
    2012-09-24 04:20 - 2012-09-24 04:20 - 00000000 ____D C:\Program Files\PC Tools
    2012-09-24 04:20 - 2012-06-22 15:35 - 00125920 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw.sys
    2012-09-24 04:20 - 2012-06-22 15:35 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
    2012-09-24 04:20 - 2012-04-19 09:56 - 00091648 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter.sys
    2012-09-24 04:20 - 2011-07-08 09:55 - 00032936 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-DNS.sys
    2012-09-24 04:20 - 2010-07-08 08:49 - 00057536 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis.sys
    2012-09-24 04:18 - 2012-04-23 12:36 - 00383368 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
    2012-09-24 04:18 - 2012-04-23 12:36 - 00162584 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
    2012-09-24 04:18 - 2012-02-28 11:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
    2012-09-24 04:18 - 2012-02-28 11:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
    2012-09-24 03:53 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
    2012-09-24 03:19 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
    2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
    2012-09-21 04:15 - 2012-09-21 04:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\File Recover
    2012-09-21 04:12 - 2012-09-21 04:12 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Product_FR
    2012-09-21 02:22 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
    2012-09-21 01:57 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
    2012-09-21 01:53 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
    2012-09-21 01:47 - 2012-09-21 01:47 - 00000000 ____D C:\Program Files\VS Revo Group
    2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
    2012-09-20 15:29 - 2012-09-20 15:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
    2012-09-20 15:03 - 2012-09-20 13:52 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
    2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
    2012-09-20 13:52 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
    2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
    ==================== 3 Months Modified Files ==================
    2012-10-16 17:03 - 2004-08-26 14:08 - 00031906 ____A C:\Windows\SchedLgU.Txt
    2012-10-16 17:03 - 2004-08-26 14:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-16 17:03 - 2004-08-26 14:02 - 01343160 ____A C:\Windows\WindowsUpdate.log
    2012-10-16 17:03 - 2004-08-26 06:58 - 00000214 ____A C:\Windows\wiadebug.log
    2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    2012-10-16 15:26 - 2011-12-01 15:57 - 00000049 ____A C:\Windows\NeroDigital.ini
    2012-10-16 15:16 - 2004-08-26 06:58 - 00000050 ____A C:\Windows\wiaservc.log
    2012-10-16 15:13 - 2011-11-27 01:11 - 00004452 ____A C:\Windows\System32\nvapps.xml
    2012-10-16 15:12 - 2004-08-26 14:09 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
    2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
    2012-10-16 05:00 - 2011-12-08 05:09 - 00000314 ____A C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    2012-10-16 03:25 - 2004-08-26 12:12 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
    2012-10-16 03:18 - 2012-10-13 09:13 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
    2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
    2012-10-15 21:17 - 2011-11-27 11:59 - 00000237 ____A C:\Documents and Settings\Owner\Desktop\CSG Pay.url
    2012-10-15 14:29 - 2011-11-27 02:27 - 01150717 ____A C:\Windows\setupapi.log
    2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
    2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
    2012-10-15 09:00 - 2011-12-08 05:08 - 00000348 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-14 15:01 - 2011-12-01 16:02 - 00000378 ____A C:\Documents and Settings\Owner\Desktop\My eBay Watch List.url
    2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
    2012-10-13 07:57 - 2012-10-13 07:52 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
    2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
    2012-10-12 07:13 - 2011-11-28 07:47 - 00003510 ____A C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
    2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
    2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
    2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
    2012-10-09 05:44 - 2012-10-09 05:28 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
    2012-10-09 05:04 - 2011-11-27 02:43 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-09 05:04 - 2011-11-27 02:43 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
    2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
    2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
    2012-10-04 20:16 - 2011-12-06 21:09 - 00000416 ____A C:\Documents and Settings\Owner\My Documents\spider.sav
    2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
    2012-10-01 22:26 - 2011-12-31 10:49 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
    2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
    2012-09-24 04:43 - 2012-03-27 01:59 - 00601593 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
    2012-09-24 03:53 - 2012-10-14 05:09 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
    2012-09-24 03:19 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
    2012-09-24 02:29 - 2004-08-26 14:04 - 00002577 ____A C:\Windows\System32\CONFIG.NT
    2012-09-23 03:43 - 2011-12-08 16:45 - 00000462 ____A C:\Windows\BRWMARK.INI
    2012-09-23 03:43 - 2011-12-08 16:45 - 00000079 ____A C:\Windows\BRPP2KA.INI
    2012-09-21 14:18 - 2012-09-07 04:04 - 00000331 ____A C:\Documents and Settings\Owner\Desktop\Teachers Federal Credit Union - The Educated Choice.url
    2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
    2012-09-21 02:22 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
    2012-09-21 01:57 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
    2012-09-21 01:53 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
    2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
    2012-09-20 15:13 - 2004-08-26 12:12 - 00001170 ____A C:\Windows\System32\wpa.dbl
    2012-09-20 15:03 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
    2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
    2012-09-20 13:52 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
    2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
    2012-09-14 03:50 - 2012-09-14 03:50 - 00090112 ____A C:\Windows\Minidump\Mini091412-01.dmp
    2012-09-09 01:10 - 2012-09-09 01:10 - 00000187 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to USB DISK (K).lnk
    2012-09-07 17:04 - 2012-10-15 04:26 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-05 06:08 - 2012-09-05 06:08 - 00028591 ____A C:\Documents and Settings\Owner\Desktop\Repertoire_Template.xlsx
    2012-08-31 01:50 - 2012-08-31 01:50 - 00090112 ____A C:\Windows\Minidump\Mini083112-01.dmp
    2012-08-28 16:13 - 2012-08-28 16:13 - 00090112 ____A C:\Windows\Minidump\Mini082812-01.dmp
    2012-08-27 02:25 - 2012-08-27 02:25 - 00090112 ____A C:\Windows\Minidump\Mini082712-01.dmp
    2012-08-16 14:27 - 2011-12-07 18:38 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-08-15 03:43 - 2011-12-01 16:16 - 00005561 ____A C:\InstallHelper.log
    2012-08-15 03:42 - 2012-08-15 03:42 - 00001770 ____A C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
    2012-08-11 11:15 - 2012-08-11 11:15 - 00090112 ____A C:\Windows\Minidump\Mini081112-01.dmp
    2012-07-30 14:08 - 2012-09-20 13:52 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
    2012-07-29 02:38 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120730-140807.backup
    2012-07-29 01:16 - 2012-07-29 02:38 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120729-023855.backup
    2012-07-28 18:34 - 2012-03-31 16:02 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
    2012-07-28 14:10 - 2004-08-26 14:00 - 00096341 ____A C:\Windows\wmsetup.log
    2012-07-28 14:03 - 2012-03-31 09:05 - 00000118 ____A C:\SmartInstaller.log
    2012-07-28 13:57 - 2004-08-26 14:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
    2012-07-26 02:50 - 2012-07-26 02:50 - 00090112 ____A C:\Windows\Minidump\Mini072612-01.dmp
    2012-07-23 15:05 - 2004-08-26 12:12 - 00000532 ____A C:\Windows\win.ini
    2012-07-23 15:05 - 2004-08-26 12:12 - 00000227 ____A C:\Windows\system.ini
    2012-07-23 15:05 - 2004-08-26 12:12 - 00000210 __ASH C:\boot.ini
    2012-07-21 13:59 - 2012-03-29 05:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-21 13:59 - 2011-12-02 22:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points (XP) =====================
    RP: -> 2012-10-15 21:10 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP370
    RP: -> 2012-10-15 01:58 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP368
    RP: -> 2012-10-14 17:30 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP367
    RP: -> 2012-10-14 16:13 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP366
    RP: -> 2012-10-13 16:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP365
    RP: -> 2012-10-12 16:26 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP364
    RP: -> 2012-10-11 15:55 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363
    RP: -> 2012-10-10 15:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP362
    RP: -> 2012-10-09 15:06 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP361
    RP: -> 2012-10-08 13:35 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP360
    RP: -> 2012-10-07 10:37 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP359
    RP: -> 2012-10-06 05:15 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP358
    RP: -> 2012-10-05 04:23 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP357
    RP: -> 2012-10-03 22:52 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP356

    ==================== Memory info ===========================
    Percentage of memory in use: 26%
    Total physical RAM: 959.48 MB
    Available physical RAM: 708.77 MB
    Total Pagefile: 859.05 MB
    Available Pagefile: 759.11 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2002.18 MB
    ==================== Partitions =============================
    1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    2 Drive c: () (Fixed) (Total:69.61 GB) (Free:34.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
    7 Drive h: (RECOVERY) (Fixed) (Total:4.91 GB) (Free:2.88 GB) FAT32
    8 Drive I: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.55 GB) FAT
    9 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 75 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 5036 MB 32 KB
    Partition 2 Primary 70 GB 5036 MB
    =========================================================
    Disk: 0
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 H RECOVERY FAT32 Partition 5036 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 70 GB Healthy
    =========================================================
    ==================== End Of Log ============================
     
  5. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Hi again Jay ...Sorry, I didn't notice the 'see this' at the very top of your answer before posting the logs you requested.
    Should I now go back and run those others as well?
    ...now it's a catch-22, since your reply said don't do anything else beyond what you ask specifically, so? :)
    Just let me know & I'll follow up with the rest. Thanks & sorry for the confusion.
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine, no biggie...

    We need to change route here... please do the following:

    In OTLPE, please open OTL on the Desktop, and do the following:

    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to Non-Microsoft
      • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

      • Click the Run Scan button. The scan will not take long.
      • When finished, the file will be saved in drive C:\_OTL\MovedFiles
      • Copy this file to your USB drive if you do not have internet connection on this system
      • Please post the contents of the OTL.txt file in your reply.
     
  7. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Am I going through the previous steps & changing bios to open with CD with the same CD I created?
    Thanks for clarifying :)
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You should be able to boot to the CD and pick OTLPE icon.
     
  9. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Ok, hope I did this correctly ...had to wing it :)
    There was no question shown: "Do you wish to load the remote registry".
    Also, "Change Drivers to Non-Microsoft" wasn't an option; I could only check
    NONE, ALL or SAFELIST, which was already checked, so I left it on SAFELIST?
    Here is the logfile:


    OTL logfile created on: 10/17/2012 9:41:13 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    959.00 Mb Total Physical Memory | 703.00 Mb Available Physical Memory | 73.00% Memory free
    859.00 Mb Paging File | 769.00 Mb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.61 Gb Total Space | 34.23 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
    Drive H: | 4.91 Gb Total Space | 2.88 Gb Free Space | 58.73% Space Free | Partition Type: FAT32
    Drive I: | 1.86 Gb Total Space | 1.55 Gb Free Space | 83.20% Space Free | Partition Type: FAT
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (PCToolsFirewallPlus)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/13 14:28:01 | 000,161,776 | ---- | M] (Oracle Corporation) [Disabled] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [On_Demand] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/11/27 01:18:30 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [On_Demand] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Disabled] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2010/07/01 11:11:10 | 000,013,312 | ---- | M] () [On_Demand] -- C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe -- (QuikSync)
    SRV - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2009/10/22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2005/08/05 07:10:44 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand] -- -- (Sunkfiltp)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/06/22 15:35:16 | 000,070,568 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
    DRV - [2012/06/22 15:35:06 | 000,125,920 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
    DRV - [2012/06/22 15:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
    DRV - [2012/06/22 15:29:36 | 000,254,944 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2012/06/22 11:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
    DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2012/04/23 12:36:48 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
    DRV - [2012/04/19 09:56:54 | 000,091,648 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
    DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
    DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
    DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
    DRV - [2010/07/01 11:10:14 | 000,012,672 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\QslFsFltr.sys -- (QslFsFltr)
    DRV - [2009/11/03 13:30:12 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys -- (vstor2-mntapi10)
    DRV - [2009/10/22 04:45:06 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2009/10/22 04:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2009/10/22 04:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
    DRV - [2009/10/22 04:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2009/10/22 04:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2009/10/22 04:44:06 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
    DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2009/10/22 00:13:32 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2008/08/11 05:02:10 | 000,091,136 | ---- | M] (ZOOM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zmghpau.sys -- (ZMGHPAudioSrv)
    DRV - [2006/01/16 12:45:30 | 000,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
    DRV - [2004/10/20 15:39:32 | 000,040,724 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2004/10/18 18:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
    DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/05/25 14:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/05/25 14:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/05/17 02:00:52 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/05/16 22:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2004/04/01 23:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
    DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
    IE - HKU\Owner_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\Owner_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/24 08:03:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/09/24 04:22:13 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/10/14 05:09:01 | 000,444,321 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15263 more lines...
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PCTools FW] File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1342115613140 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342201013312 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    MsConfig - Services: "Browser Defender Update Service"
    MsConfig - Services: "wuauserv"
    MsConfig - Services: "Secunia Update Agent"
    MsConfig - Services: "JavaQuickStarterService"
    MsConfig - Services: "iPod Service"
    MsConfig - Services: "Apple Mobile Device"
    MsConfig - Services: "AudioSrv"
    MsConfig - Services: "AdobeFlashPlayerUpdateSvc"
    MsConfig - Services: "RSVP"
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk.disabled - - File not found
    MsConfig - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
    MsConfig - StartUpReg: NVMixerTray - hkey= - key= - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
    MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2

    SafeBootMin: 96283755.sys - Driver
    SafeBootMin: AppMgmt - File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
    ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{7e853105-3adf-4199-a079-d87c2afd375f} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
     
  10. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Sharedaccess - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: BITS - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/16 18:13:38 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/16 16:45:22 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/10/16 02:59:32 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07292517.sys
    [2012/10/16 02:59:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/15 19:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/15 04:26:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/10/14 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/10/14 17:31:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/10/14 16:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/10/14 16:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2012/10/14 15:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2012/10/14 15:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
    [2012/10/14 04:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2012/10/14 04:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/10/14 04:16:54 | 003,255,248 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
    [2012/10/13 11:00:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2012/10/13 09:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/10/13 09:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/10/13 07:51:10 | 000,386,560 | ---- | C] (COMODO inc.) -- C:\Documents and Settings\Owner\My Documents\7af3996f.exe
    [2012/10/09 05:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2012/10/08 01:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\2csg+xl Turbo Lister2
    [2012/10/06 00:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sm 7-24 Turbo Lister2
    [2012/10/02 01:36:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
    [2012/10/02 01:36:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
    [2012/10/02 01:36:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
    [2012/10/02 01:36:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
    [2012/09/28 18:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
    [2012/09/24 04:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Spam Monitor
    [2012/09/24 04:22:11 | 000,070,768 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
    [2012/09/24 04:22:10 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2012/09/24 04:22:10 | 000,149,464 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2012/09/24 04:22:09 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2012/09/24 04:21:17 | 000,254,944 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2012/09/24 04:21:08 | 000,017,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
    [2012/09/24 04:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
    [2012/09/24 04:20:55 | 000,125,920 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
    [2012/09/24 04:20:55 | 000,091,648 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
    [2012/09/24 04:20:55 | 000,057,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
    [2012/09/24 04:20:55 | 000,032,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
    [2012/09/24 04:20:51 | 000,070,568 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2012/09/24 04:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/09/24 04:18:59 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
    [2012/09/24 04:18:59 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
    [2012/09/24 04:18:55 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2012/09/24 04:18:55 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2012/09/21 04:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\File Recover
    [2012/09/21 04:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Product_FR
    [2012/09/21 03:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
    [2012/09/21 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/09/21 01:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
    [2012/09/21 01:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
    [2012/09/20 15:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP

    ========== Files - Modified Within 30 Days ==========

    [2012/10/17 20:25:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/17 20:14:29 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/10/17 14:30:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rd4cdpl7.exe
    [2012/10/17 05:00:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    [2012/10/16 16:45:28 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/10/16 15:26:51 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/10/16 05:47:55 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
    [2012/10/16 03:18:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/10/16 02:59:32 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07292517.sys
    [2012/10/15 21:17:09 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CSG Pay.url
    [2012/10/15 19:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/15 19:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2012/10/15 13:00:49 | 000,004,091 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
    [2012/10/15 12:44:36 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
    [2012/10/15 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2012/10/15 04:27:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/14 15:01:53 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My eBay Watch List.url
    [2012/10/14 05:09:01 | 000,444,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/10/14 04:16:56 | 003,255,248 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
    [2012/10/13 07:57:11 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87e2d931.pad
    [2012/10/13 07:51:10 | 000,386,560 | ---- | M] (COMODO inc.) -- C:\Documents and Settings\Owner\My Documents\7af3996f.exe
    [2012/10/12 07:13:04 | 000,003,510 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2012/10/12 04:25:19 | 000,003,781 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
    [2012/10/12 04:07:07 | 000,001,366 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
    [2012/10/11 00:58:22 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
    [2012/10/09 07:39:39 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
    [2012/10/09 05:44:18 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\emorhc.pad
    [2012/10/09 05:04:44 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/09 05:04:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/09 04:01:15 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
    [2012/10/08 02:50:51 | 000,044,487 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
    [2012/10/08 02:50:51 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
    [2012/10/04 20:16:49 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
    [2012/10/02 01:09:40 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
    [2012/10/01 22:26:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/10/01 03:51:04 | 000,002,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
    [2012/09/24 04:43:24 | 000,601,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/09/24 04:21:09 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
    [2012/09/24 04:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
    [2012/09/24 03:53:09 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121014-050901.backup
    [2012/09/24 03:19:00 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120924-035309.backup
    [2012/09/24 02:29:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/09/23 03:43:19 | 000,000,462 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
    [2012/09/23 03:43:19 | 000,000,079 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
    [2012/09/21 14:18:09 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Teachers Federal Credit Union - The Educated Choice.url
    [2012/09/21 12:55:13 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
    [2012/09/21 04:15:19 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tools File Recover.lnk
    [2012/09/21 02:22:56 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120924-031900.backup
    [2012/09/21 01:57:43 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120921-022256.backup
    [2012/09/21 01:53:18 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120921-015743.backup
    [2012/09/20 15:13:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/09/20 15:03:33 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120921-015318.backup
    [2012/09/20 13:52:51 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120920-150333.backup

    ========== Files Created - No Company Name ==========

    [2012/10/17 14:30:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rd4cdpl7.exe
    [2012/10/16 05:47:55 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
    [2012/10/15 13:00:48 | 000,004,091 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
    [2012/10/15 12:44:36 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
    [2012/10/15 04:27:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/13 09:13:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/10/13 07:52:10 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\87e2d931.pad
    [2012/10/12 04:25:19 | 000,003,781 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
    [2012/10/12 04:07:07 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
    [2012/10/11 00:58:22 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
    [2012/10/09 07:39:32 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
    [2012/10/09 05:28:36 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\emorhc.pad
    [2012/10/09 04:01:15 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
    [2012/10/08 02:50:51 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
    [2012/10/08 02:50:41 | 000,044,487 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
    [2012/10/02 01:09:40 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
    [2012/10/01 03:51:04 | 000,002,016 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
    [2012/09/24 04:22:10 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2012/09/24 04:22:10 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2012/09/24 04:22:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2012/09/24 04:22:10 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2012/09/24 04:22:10 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2012/09/24 04:21:09 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
    [2012/09/21 12:55:13 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
    [2012/09/21 04:15:19 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tools File Recover.lnk
    [2012/02/15 20:02:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/12 09:53:34 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2012/01/12 09:53:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2012/01/06 16:55:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2012/01/06 16:44:43 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2012/01/06 16:44:43 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2012/01/06 16:44:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
    [2012/01/06 16:43:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2012/01/06 09:49:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2011/12/31 15:37:59 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\WebpageIcons.db
    [2011/12/31 10:55:37 | 000,029,904 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/12/15 02:10:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/12/08 16:45:44 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2011/12/08 16:45:44 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2011/12/01 15:57:21 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/01 15:57:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/11/29 23:20:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2011/11/28 07:47:53 | 000,003,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2011/11/27 02:06:53 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
    [2011/11/27 02:06:53 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\ar5523.bin
    [2011/11/27 02:06:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
    [2011/11/27 02:06:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2011/11/27 01:31:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2011/11/27 01:29:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
    [2011/11/27 01:18:31 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
    [2011/11/27 01:15:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/11/27 01:02:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2008/08/11 05:02:00 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\zmghpaso.dll
    [2008/08/11 05:01:58 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\zmghpaudcp.exe
    [2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/26 12:12:43 | 000,001,086 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/26 12:12:43 | 000,000,490 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/26 12:12:10 | 000,445,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/26 12:12:10 | 000,073,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/26 06:54:01 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2011/11/27 01:21:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
    [2011/11/27 01:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2012/03/27 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spam Monitor
    [2012/09/21 20:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
    [2012/01/21 12:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ableton
    [2012/10/14 15:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2012/04/04 07:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
    [2012/01/04 08:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
    [2012/03/16 05:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
    [2012/03/29 05:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
    [2012/03/27 02:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCTools
    [2012/09/21 04:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Product_FR
    [2011/11/27 01:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2012/09/24 04:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spam Monitor
    [2012/10/14 15:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
    [2011/11/28 07:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2012/03/27 01:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestApp
    [2012/01/21 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
    [2011/11/28 07:22:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/11/27 00:10:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/03/27 01:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/10/17 20:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/11/27 01:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/12/31 10:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < DRIVES >

    < SHOWHIDDEN >

    < CreateRestorePoint >

    Invalid Environment Variable: %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\

    Invalid Environment Variable: %AppData%\Local\

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/10/16 02:59:32 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\07292517.sys
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
    [2012/10/16 03:25:03 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys

    < %systemroot%\System32\config\*.sav >
    [2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %SYSTEMDRIVE%\*.exe /md5 >

    Invalid Environment Variable: %WinDir%\$NtUninstallKB*$. /30

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2011/03/03 02:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
    [2012/05/11 20:12:34 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
    [2012/05/11 10:42:33 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
    [2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
    [2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
    [2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2012/01/21 12:37:27 | 000,000,000 | ---D | M] -- C:\Program Files\Ableton
    [2012/03/29 01:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2011/11/27 01:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
    [2011/12/31 10:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2012/05/31 17:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
    [2011/11/27 00:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
    [2011/12/31 10:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2012/01/06 16:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
    [2011/11/28 07:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\CanonBJ
    [2011/12/14 07:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
    [2012/10/14 17:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2011/11/27 01:06:08 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2011/11/27 01:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2012/06/12 00:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
    [2011/11/27 01:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
    [2012/08/15 03:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
    [2012/06/12 00:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\EMC Corporation
    [2012/10/14 16:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
    [2012/03/29 00:35:02 | 000,000,000 | ---D | M] -- C:\Program Files\FileHippo.com
    [2012/10/09 01:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2012/01/06 16:43:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2012/07/12 15:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2012/03/29 06:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
    [2012/03/29 06:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2012/07/13 14:27:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2012/10/15 19:13:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/24 08:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
    [2011/12/08 06:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2012/03/29 06:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2004/08/26 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2011/11/27 01:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
    [2012/01/02 18:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2011/11/27 01:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2011/12/09 19:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2011/12/18 19:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2012/03/29 05:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
    [2004/08/26 14:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
    [2011/11/27 01:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
    [2004/08/26 14:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2011/11/28 06:57:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2011/12/08 05:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2011/11/27 01:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
    [2011/11/29 23:20:28 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2011/12/09 19:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2012/09/24 04:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools
    [2012/04/28 22:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop 5.5
    [2011/11/27 01:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
    [2012/02/16 02:31:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2011/12/18 19:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2012/03/29 05:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
    [2011/11/27 02:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\TP-LINK
    [2011/11/27 02:31:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2011/12/15 02:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\USPS
    [2011/11/27 01:16:45 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
    [2012/06/12 00:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\VMware
    [2012/09/21 01:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
    [2012/05/25 00:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2012/05/25 00:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2011/12/08 05:57:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2004/08/26 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2012/01/21 12:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\ZOOM

    Invalid Environment Variable: %appdata%\*.*


    < MD5 for: AFD.SYS >
    [2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
    [2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
    [2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
    [2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
    [2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
    [2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
    [2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP3QFE\afd.sys
    [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
    [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP2GDR\afd.sys
    [2004/08/04 15:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
    [2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
    [2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP2QFE\afd.sys
    [2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
    [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
    [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
    [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP3GDR\afd.sys
    [2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
    [2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\afd.sys
    [2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
    [2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\afd.sys
    [2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
    [2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\afd.sys
    [2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
    [2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
    [2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\afd.sys
    [2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
    [2004/08/04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
    [2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
    [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
    [2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
    [2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/04 15:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
    [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
    [2004/08/04 15:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
    < End of report >
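A quick way to read the "< MD5 for: ... >" blocks above is to compare the copy Windows actually loads against the dllcache / ServicePackFiles copies OTL lists beside it; a live services.exe, afd.sys or volsnap.sys that matches none of them is how a patched file shows up. The script below is an added example, not part of this thread or of OTL, run on lines copied from the report plus one constructed section (EXAMPLE.EXE, zero-filled hashes) to show what a mismatch reads like.

```python
"""Cross-check the '< MD5 for: NAME >' sections of an OTL log.

Each section lists every copy of one system file OTL could find. The copy
Windows loads (system32\\..., drivers\\..., C:\\WINDOWS\\explorer.exe) should
hash the same as the dllcache copy or, failing that, some other cached or
backup copy. A live copy matching none of them deserves a close look.
A match is necessary, not sufficient: some families overwrite dllcache too,
so the ServicePackFiles copy is a useful second, independent reference.
"""
import re
from collections import defaultdict

# Lines copied from the OTL report above, plus one CONSTRUCTED section
# (EXAMPLE.EXE, zero-filled hashes) that shows how a mismatch reads.
SAMPLE_LOG = r"""
< MD5 for: SERVICES.EXE >
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: EXAMPLE.EXE >
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\example.exe
[2012/10/13 07:51:10 | 000,108,544 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\example.exe
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Directories that hold cached, update or uninstall copies rather than the live file.
BACKUP_MARKERS = ("\\dllcache\\", "\\servicepackfiles\\", "\\softwaredistribution\\", "\\$")


def parse_md5_sections(text):
    """Return {FILENAME: [ {path, md5, size, vendor}, ... ]} for every section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "vendor": entry.group("vendor"),
            })
    return dict(sections)


def is_live_copy(path):
    """True for the copy Windows loads; False for dllcache, SP cache, update and $...$ dirs."""
    low = path.lower()
    return not any(marker in low for marker in BACKUP_MARKERS)


def check_section(entries):
    """Compare the live copy's MD5 with the cached/backup copies OTL listed."""
    live = [e for e in entries if is_live_copy(e["path"])]
    backups = [e for e in entries if not is_live_copy(e["path"])]
    if not live:
        return "NO-LIVE-COPY"
    if not backups:
        return "NO-REFERENCE"
    live_md5 = live[0]["md5"]
    dllcache = [e["md5"] for e in backups if "\\dllcache\\" in e["path"].lower()]
    if dllcache and live_md5 in dllcache:
        return "OK-DLLCACHE"       # strongest match available in the log
    if live_md5 in {e["md5"] for e in backups}:
        return "OK-BACKUP"         # matches an SP/hotfix copy, no dllcache copy listed
    return "MISMATCH"              # live file hashes like nothing Windows installed


def audit(text):
    """Verdict per file name, e.g. {'SERVICES.EXE': 'OK-DLLCACHE'}."""
    return {name: check_section(entries)
            for name, entries in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_LOG).items():
        print(f"{name:14s} {verdict}")
```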
     
  11. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Just a note: this had shown up as a problem earlier, & I never had COMODO
    [2012/10/13 07:51:10 | 000,386,560 | ---- | M] (COMODO inc.) -- C:\Documents and Settings\Owner\My Documents\7af3996f.exe
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Tell you what: go back to Normal Mode and do the following:

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click the program, select Run as Administrator to start, & when prompted allow it to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach the log or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
     
  13. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Nothing malicious found. Here is the TDSS log file, attached.
     


  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double-click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

    ComboFix scan

    Please download ComboFix by sUBs from BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or can be found at "C:\Combo-Fix.txt", in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run, please just reboot; that will resolve the error.
     
  15. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Here is the aswMBR text log & dat file.
    Running combofix now.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-19 02:06:49
    -----------------------------
    02:06:49.703 OS Version: Windows 5.1.2600 Service Pack 3
    02:06:49.703 Number of processors: 1 586 0xA00
    02:06:49.703 ComputerName: MARTY UserName: Owner
    02:06:52.437 Initialize success
    02:09:21.437 AVAST engine defs: 12101801
    02:09:52.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    02:09:52.343 Disk 0 Vendor: WDC_WD800BB-22JHA0 05.01C05 Size: 76319MB BusType: 3
    02:09:52.375 Disk 0 MBR read successfully
    02:09:52.375 Disk 0 MBR scan
    02:09:52.515 Disk 0 unknown MBR code
    02:09:52.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 71280 MB offset 10313730
    02:09:52.562 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5035 MB offset 63
    02:09:52.578 Disk 0 scanning sectors +156296385
    02:09:52.718 Disk 0 scanning C:\WINDOWS\system32\drivers
    02:13:07.531 Service scanning
    02:15:27.250 Modules scanning
    02:16:09.703 AVAST engine scan C:\WINDOWS
    02:16:47.578 AVAST engine scan C:\WINDOWS\system32
    02:30:50.734 AVAST engine scan C:\WINDOWS\system32\drivers
    02:32:22.812 AVAST engine scan C:\Documents and Settings\Owner
    02:55:50.953 File: C:\Documents and Settings\Owner\My Documents\7af3996f.exe **INFECTED** Win32:Kryptik-KEG [Trj]
    03:04:16.156 AVAST engine scan C:\Documents and Settings\All Users
    03:12:52.328 Scan finished successfully
    03:15:45.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    03:15:45.796 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
     

    Attached Files:

    • MBR.txt (512 bytes)
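The MBR.dat that aswMBR saved (attached above as MBR.txt, 512 bytes) is the raw first sector, and the "Partition N ..." lines in the log are decoded from its partition table. As an added example, not part of this thread or of aswMBR, the script below parses such an image: it checks the 0x55AA signature, decodes the four table entries, rebuilds the log's partition lines, and measures the unpartitioned tail after the last partition, the region the log's "scanning sectors +N" line covers (N there lies just past the end of the NTFS partition). The real MBR.dat is not on the page, so the test image is constructed: zero-filled boot code and a table rebuilt from the two partitions in the log, with sector counts derived from the rounded MB figures.

```python
"""Decode a 512-byte MBR image such as the MBR.dat that aswMBR saves."""
import hashlib
import struct

SECTOR = 512
PART_TABLE = 446          # offset of the four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # last two bytes of a valid MBR
ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x83: "Linux"}


def build_test_mbr():
    """CONSTRUCTED image: zero-filled boot code plus the two partitions from the
    aswMBR log above. Sector counts come from the rounded MB figures, so they
    approximate, not reproduce, the real disk's table."""
    mbr = bytearray(SECTOR)
    table = [  # (status, type, LBA start, sectors)
        (0x80, 0x07, 10313730, 71280 * 2048),  # Partition 1: bootable NTFS, 71280 MB
        (0x00, 0x0B, 63, 5035 * 2048),         # Partition 2: FAT32 recovery, 5035 MB
    ]
    chs = b"\xfe\xff\xff"  # CHS fields are unused on LBA disks; this is the usual filler
    for i, (status, ptype, start, count) in enumerate(table):
        off = PART_TABLE + 16 * i
        mbr[off:off + 16] = struct.pack(ENTRY, status, chs, ptype, chs, start, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts; raise on a malformed image."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY, mbr[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({
            "index": i + 1, "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": start, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def format_like_aswmbr(part):
    """Rebuild the shape of aswMBR's 'Partition N ...' line (without the volume
    label, which comes from the file system, not the MBR)."""
    flag = " (A)" if part["bootable"] else ""
    return ("Partition {index} {status:02X}{flag} {type:02X} {type_name} "
            "{size_mb} MB offset {lba_start}").format(flag=flag, **part)


def unpartitioned_tail(parts, disk_sectors):
    """Sectors between the end of the last partition and the end of the disk.
    Bootkits stash payloads in this slack, and aswMBR's 'scanning sectors +N'
    line covers it."""
    last_end = max(p["lba_start"] + p["sectors"] for p in parts)
    return disk_sectors - last_end


def boot_code_sha256(mbr):
    """Hash of the 446 boot-code bytes, for comparison with a known-clean MBR of
    the same OS version when a scanner reports 'unknown MBR code'."""
    return hashlib.sha256(mbr[:PART_TABLE]).hexdigest()


if __name__ == "__main__":
    image = build_test_mbr()
    parts = parse_mbr(image)
    for p in parts:
        print(format_like_aswmbr(p))
    # 76319 MB is the rounded disk size from the log, so the tail is approximate
    print("unpartitioned tail sectors:", unpartitioned_tail(parts, 76319 * 2048))
    print("boot code sha256:", boot_code_sha256(image))
```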
  16. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    The ComboFix scan ended; I haven't done the fix yet because....
    It had to reinstall the recovery console in order to create a restore point &
    never did disconnect from the internet.
    Found rootkit zero.access in tcp/ip?
    Is this scan ok to finish since it never disconnected from internet?
    Please reply asap, thanks!
     
  17. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    I've got bigger troubles now.
    ComboFix didn't want to wait & did all it could while waiting for me to OK a reboot.
    I finally just agreed, & upon reboot it ran another scan on its own
    (this time it did not connect to the internet)
    I have not been able to connect back to the internet since. Sorry for the delay, but I had to wait for the laptop to come home :) I'll only have this available for a short time.
    PC Tools ran its scan & found 20+ infections. Most, if not all, were registry HKEY-related, with "CATCHME"-type entries.
    It cleaned them, but still no internet now.
    Hope I didn't screw up by allowing the ComboFix & let more things in?
    I'm now running a Malwarebytes quick scan.
     
  18. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    I retrieved the ComboFix logs, attached.
     


  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry to hear you had trouble. Please try to run the following:

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe.
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  20. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    There is an HKEY service asking permission to run through PC Tools.
    It says it's ...combofix\catchme etc. Is this valid? Should I allow it?
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes it is. :)
     
  22. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Here's the new ComboFix log

    ComboFix 12-10-18.03 - Owner 10/20/2012 1:25.2.1 - x86
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    * Created a new restore point
    .
    FILE ::
    "c:\documents and settings\Owner\My Documents\7af3996f.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-16 22:13 . 2012-10-16 22:13 -------- d-----w- C:\FRST
    2012-10-16 06:59 . 2012-10-16 06:59 177496 ----a-w- c:\windows\system32\drivers\07292517.sys
    2012-10-16 06:59 . 2012-10-16 06:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-15 08:26 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-15 06:02 . 2012-10-15 06:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-10-15 00:31 . 2012-10-15 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-14 20:13 . 2012-10-14 20:13 -------- d-----w- c:\program files\Enigma Software Group
    2012-10-14 20:09 . 2012-10-14 20:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-10-14 19:55 . 2012-10-14 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
    2012-10-14 19:54 . 2012-10-14 19:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedyPC Software
    2012-10-14 08:21 . 2012-10-14 08:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-10-14 08:20 . 2012-10-14 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-09 09:04 . 2012-10-09 09:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2012-10-02 05:36 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2012-10-02 05:36 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2012-10-02 05:36 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2012-10-02 05:36 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    2012-09-24 08:23 . 2012-09-24 08:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Spam Monitor
    2012-09-24 08:22 . 2012-06-22 15:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-09-24 08:22 . 2012-06-22 15:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
    2012-09-24 08:22 . 2012-06-22 15:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
    2012-09-24 08:22 . 2012-06-22 15:38 767960 ----a-w- c:\windows\BDTSupport.dll
    2012-09-24 08:22 . 2012-06-22 15:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
    2012-09-24 08:21 . 2012-06-22 19:29 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-09-24 08:21 . 2012-06-22 19:33 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-09-24 08:20 . 2012-06-22 19:35 125920 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2012-09-24 08:20 . 2012-04-19 13:56 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2012-09-24 08:20 . 2011-07-08 13:55 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2012-09-24 08:20 . 2010-07-08 12:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2012-09-24 08:20 . 2012-06-22 19:35 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-09-24 08:20 . 2012-09-24 08:20 -------- d-----w- c:\program files\PC Tools
    2012-09-24 08:18 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-09-24 08:18 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-09-24 08:18 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-09-24 08:18 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-09-21 08:12 . 2012-09-21 08:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Product_FR
    2012-09-21 05:47 . 2012-09-21 05:47 -------- d-----w- c:\program files\VS Revo Group
    2012-09-20 19:29 . 2012-09-20 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-16 07:25 . 2004-08-26 16:12 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
    "nwiz"="nwiz.exe" [2004-07-12 843776]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
    "ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled
    backup=c:\windows\pss\Secunia PSI Tray.lnk.disabledCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2010-05-12 22:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-07-12 04:50 4112384 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    2004-06-04 04:51 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2004-07-12 04:50 843776 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2009-10-22 08:43 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Browser Defender Update Service"=2 (0x2)
    "wuauserv"=2 (0x2)
    "Secunia Update Agent"=3 (0x3)
    "JavaQuickStarterService"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=3 (0x3)
    "AudioSrv"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "RSVP"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunKistEM"=c:\program files\Digital Media Reader\shwiconem.exe
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "<NO NAME>"=
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
    "ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
    "SetDefPrt"=c:\program files\Brother\Brmfl04a\BrStDvPt.exe
    "Path"="c:\program files\ZOOM\ZFX Tools\ZFX Tools startup.exe"
    "SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
    R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 QslFsFltr;QslFsFltr;c:\windows\system32\DRIVERS\QslFsFltr.sys [x]
    R3 QuikSync;QuikSync;c:\program files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
    R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
    R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [x]
    R4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
    S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [x]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [x]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
    S2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [x]
    S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [x]
    S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [x]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    Trusted Zone: pb.com\ibdswebp8-ext
    Trusted Zone: usps.com\carrierpickup
    Trusted Zone: usps.com\tools
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-20 01:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1064)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2012-10-20 01:51:27
    ComboFix-quarantined-files.txt 2012-10-20 05:51
    ComboFix2.txt 2012-10-19 08:53
    .
    Pre-Run: 35,520,106,496 bytes free
    Post-Run: 35,538,763,776 bytes free
    .
    - - End Of File - - 561F2744B54C0773B8F296C023EAF10B
     
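As an added example, not code from the thread or from ComboFix, PC Tools or any other tool named here: a small Python reader for two parts of a ComboFix log like the one above, the `msconfig\services` block and the `R`/`S` service lines, so a helper can spot a security service that was switched off through msconfig (here `wuauserv`, Windows Update, which the opening post reported missing). It assumes that msconfig stores a service's original Start value under that key when a user disables it there, that `R`/`S` mean running/stopped, and the watch list of service names is my own; the sample lines are copied from the log.

```python
import re

# Constructed sample: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"Browser Defender Update Service"=2 (0x2)
"wuauserv"=2 (0x2)
"Secunia Update Agent"=3 (0x3)
"AudioSrv"=2 (0x2)
.
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [x]
S2 PCTAppEvent;PCTAppEvent Driver;c:\\windows\\system32\\drivers\\PCTAppEvent.sys [x]
"""

# Windows service Start values: SERVICE_AUTO_START = 2, SERVICE_DEMAND_START = 3.
START_TYPE = {2: "Automatic", 3: "Manual"}

# Our own watch list: services a user would not normally disable on XP
# (Windows Update, Windows Firewall/ICS, Security Center).
WATCH = {"wuauserv", "sharedaccess", "wscsvc"}

MSCONFIG_KEY = r"\shared tools\msconfig\services]"
MSCONFIG_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<start>\d+) \(0x[0-9a-f]+\)$')
# Assumed layout of a ComboFix service line: <R|S><start> name;display;path [x]
SERVICE_LINE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)( \[x\])?$')

def parse_msconfig_disabled(log):
    """Map service name -> original start type for services listed under
    msconfig\\services (assumption: msconfig keeps the pre-disable value there)."""
    out, inside = {}, False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            inside = line.lower().endswith(MSCONFIG_KEY)
            continue
        m = MSCONFIG_LINE.match(line) if inside else None
        if m:
            out[m["name"]] = START_TYPE.get(int(m["start"]), m["start"])
    return out

def parse_services(log):
    """Return one dict per R*/S* service line (assumed: R = running, S = stopped)."""
    rows = []
    for line in log.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            rows.append({"name": m["name"], "running": m["state"] == "R", "path": m["path"]})
    return rows

def flag_disabled(disabled):
    """Names from the msconfig block that are on the watch list, sorted."""
    return sorted(n for n in disabled if n.lower() in WATCH)
```

Running `flag_disabled(parse_msconfig_disabled(SAMPLE_LOG))` on the sample returns `['wuauserv']`, which is the kind of entry a helper would ask the poster to re-enable.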
  23. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    Just as a side note: Security Center is back but not detecting my PC Tools Security suite 2012
    or its Firewall, although both seem to be working (Firewall still starts then stops with services start
    but can be enabled manually).
    I will only be available for another 1/2 hr or so ...be back in about 9-10 hrs. Thanks
     
  24. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    ...still no internet connection either, cannot find IP address
     
  25. herewegoagain

    herewegoagain TS Rookie Topic Starter Posts: 50

    I'm back if you are still available & have any instructions.
     