Inactive *Infected* rootkit.0access Trojans:Win32:Kryptik-KEG/zeroaccess/.FakeMS/.Delf/enchanim.gePUM.Hijack

herewegoagain

Hi, my system is Windows XP using PC Tools Internet Security 2012.
The 1st problem was that the PC Tools firewall always shuts off (must manually enable on system restart); then the Windows firewall was missing/removed along with the Windows Update service.
I've done as much as I can with my resources and would appreciate much more expertise at this point.
I've run various scans for rootkits/trojans and found many different variations using PC Tools, Malwarebytes, TDSSKiller, Security Check, FSS, aswMBR etc. I also heightened firewall / cp security, which at least stops most redirects and seems to have stabilized the cp for the moment.
Whatever was found was removed... but I believe this goes too deep for me alone since the registry/MBR have been infected. The last aswMBR scan shows:
C:\Documents and Settings\Owner\My Documents\7af3996f.exe **INFECTED** Win32:Kryptik-KEG [Trj]
There still may be much more... please help? Thanks for your time.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads.
  • Your system should now display a Reatogo desktop.
Note: as you are running from CD it is not exactly speedy.
  • Insert the flash drive with FRST on it.
  • Locate the flash drive and run FRST.
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
Thanks, here's the text info:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
Ran by SYSTEM at 16-10-2012 18:13:56
Running from I:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui [348160 2006-03-15] (TP-LINK TECHNOLOGIES CO., LTD)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2004-07-12] (NVIDIA Corporation)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [4112384 2004-07-12] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [131072 2004-06-04] (NVIDIA Corporation)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM\...\Run: [PCTools FW] C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FirewallGUI.exe [x]
HKLM\...\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.254.1 167.206.254.2
==================== Services (Whitelisted) ===================
2 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-08-05] ()
3 brmfrmps; "C:\WINDOWS\system32\Brmfrmps.exe" -service [65536 2003-05-05] (Brother Industries, Ltd.)
3 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)
3 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 QuikSync; C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [13312 2010-07-01] ()
2 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
2 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
3 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-14] (Secunia)
4 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-10-14] (Secunia)
3 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [113200 2009-10-22] (VMware, Inc.)
3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2009-10-22] (VMware, Inc.)
3 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-22] (VMware, Inc.)
3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2009-10-22] (VMware, Inc.)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 PCToolsFirewallPlus; C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FWService.exe [x]
3 ufad-ws60; "C:\Program Files\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Player\\" -s ufad-p2v.xml [x]
==================== Drivers (Whitelisted) ====================
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17801 2011-11-27] (Meetinghouse Data Communications)
3 AR5523; C:\Windows\System32\DRIVERS\ar5523.sys [360288 2006-01-16] (Atheros Communications, Inc.)
3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15263 2003-12-19] (Brother Industries Ltd.)
2 hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys [32304 2009-10-22] (VMware, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
3 nvax; C:\Windows\System32\drivers\nvax.sys [48640 2004-05-25] (NVIDIA Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2004-05-16] (NVIDIA Corporation)
3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [396032 2004-05-25] (NVIDIA Corporation)
0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21760 2004-04-01] (NVIDIA Corporation)
1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
2 PCTAppEvent; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys [162584 2012-04-23] (PC Tools)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
3 PCTFW-PacketFilter; \??\C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys [91648 2012-04-19] (PC Tools)
1 pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys [254944 2012-06-22] (PC Tools)
3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
3 pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys [125920 2012-06-22] (PC Tools)
3 pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys [70568 2012-06-22] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
3 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2011-11-27] (New Boundary Technologies, Inc.)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
3 QslFsFltr; C:\Windows\System32\DRIVERS\QslFsFltr.sys [12672 2010-07-01] (Windows (R) Win 7 DDK provider)
3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [40724 2004-10-20] (Alcor Micro Corp.)
3 SunkFilt39; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys [42968 2004-10-18] (Alcor Micro Corp.)
2 vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys [70704 2009-10-22] (VMware, Inc.)
3 vmkbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2009-10-22] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-22] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2009-10-22] (VMware, Inc.)
2 VMnetuserif; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2009-10-22] (VMware, Inc.)
2 VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys [14896 2009-10-22] (VMware, Inc.)
2 vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys [853936 2009-10-22] (VMware, Inc.)
2 vstor2-mntapi10; \??\C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [22576 2009-11-03] (VMware, Inc.)
2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [91136 2008-08-11] (ZOOM)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-10-16 18:13 - 2012-10-16 18:13 - 00000000 ____D C:\FRST
2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
2012-10-16 02:59 - 2012-10-16 02:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-15 04:26 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-14 20:31 - 2012-10-15 19:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-14 16:13 - 2012-10-14 16:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-10-14 16:09 - 2012-10-14 16:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-10-14 15:55 - 2012-10-14 15:55 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\DriverCure
2012-10-14 15:54 - 2012-10-14 15:54 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
2012-10-14 05:09 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
2012-10-14 04:21 - 2012-10-14 04:21 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2012-10-14 04:20 - 2012-10-14 04:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
2012-10-13 09:13 - 2012-10-16 03:18 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
2012-10-09 05:28 - 2012-10-09 05:44 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
2012-10-09 05:04 - 2012-10-09 05:04 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
2012-10-08 01:49 - 2012-10-08 01:50 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\2csg+xl Turbo Lister2
2012-10-06 00:44 - 2012-10-06 00:44 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\sm 7-24 Turbo Lister2
2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106.dll
2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd106.dll
2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101b.dll
2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd101b.dll
2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
2012-09-24 04:23 - 2012-09-24 04:23 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Spam Monitor
2012-09-24 04:22 - 2012-06-22 11:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-09-24 04:22 - 2012-06-22 11:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-09-24 04:22 - 2012-06-22 11:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-09-24 04:22 - 2012-06-22 11:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-09-24 04:22 - 2012-06-22 11:38 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-09-24 04:22 - 2012-06-22 10:43 - 00003488 ____A C:\Windows\UDB.zip
2012-09-24 04:22 - 2012-06-22 10:43 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-09-24 04:22 - 2012-06-22 10:43 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-09-24 04:22 - 2012-06-22 10:43 - 00000131 ____A C:\Windows\IDB.zip
2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
2012-09-24 04:21 - 2012-06-22 15:33 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-09-24 04:21 - 2012-06-22 15:29 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-09-24 04:20 - 2012-09-24 04:20 - 00000000 ____D C:\Program Files\PC Tools
2012-09-24 04:20 - 2012-06-22 15:35 - 00125920 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw.sys
2012-09-24 04:20 - 2012-06-22 15:35 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-09-24 04:20 - 2012-04-19 09:56 - 00091648 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter.sys
2012-09-24 04:20 - 2011-07-08 09:55 - 00032936 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-DNS.sys
2012-09-24 04:20 - 2010-07-08 08:49 - 00057536 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis.sys
2012-09-24 04:18 - 2012-04-23 12:36 - 00383368 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
2012-09-24 04:18 - 2012-04-23 12:36 - 00162584 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
2012-09-24 04:18 - 2012-02-28 11:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
2012-09-24 04:18 - 2012-02-28 11:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
2012-09-24 03:53 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
2012-09-24 03:19 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
2012-09-21 04:15 - 2012-09-21 04:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\File Recover
2012-09-21 04:12 - 2012-09-21 04:12 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Product_FR
2012-09-21 02:22 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
2012-09-21 01:57 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
2012-09-21 01:53 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
2012-09-21 01:47 - 2012-09-21 01:47 - 00000000 ____D C:\Program Files\VS Revo Group
2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
2012-09-20 15:29 - 2012-09-20 15:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2012-09-20 15:03 - 2012-09-20 13:52 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
2012-09-20 13:52 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
==================== 3 Months Modified Files ==================
2012-10-16 17:03 - 2004-08-26 14:08 - 00031906 ____A C:\Windows\SchedLgU.Txt
2012-10-16 17:03 - 2004-08-26 14:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-16 17:03 - 2004-08-26 14:02 - 01343160 ____A C:\Windows\WindowsUpdate.log
2012-10-16 17:03 - 2004-08-26 06:58 - 00000214 ____A C:\Windows\wiadebug.log
2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
2012-10-16 15:26 - 2011-12-01 15:57 - 00000049 ____A C:\Windows\NeroDigital.ini
2012-10-16 15:16 - 2004-08-26 06:58 - 00000050 ____A C:\Windows\wiaservc.log
2012-10-16 15:13 - 2011-11-27 01:11 - 00004452 ____A C:\Windows\System32\nvapps.xml
2012-10-16 15:12 - 2004-08-26 14:09 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
2012-10-16 05:00 - 2011-12-08 05:09 - 00000314 ____A C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2012-10-16 03:25 - 2004-08-26 12:12 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2012-10-16 03:18 - 2012-10-13 09:13 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
2012-10-15 21:17 - 2011-11-27 11:59 - 00000237 ____A C:\Documents and Settings\Owner\Desktop\CSG Pay.url
2012-10-15 14:29 - 2011-11-27 02:27 - 01150717 ____A C:\Windows\setupapi.log
2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
2012-10-15 09:00 - 2011-12-08 05:08 - 00000348 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-14 15:01 - 2011-12-01 16:02 - 00000378 ____A C:\Documents and Settings\Owner\Desktop\My eBay Watch List.url
2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
2012-10-13 07:57 - 2012-10-13 07:52 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
2012-10-12 07:13 - 2011-11-28 07:47 - 00003510 ____A C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
2012-10-09 05:44 - 2012-10-09 05:28 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
2012-10-09 05:04 - 2011-11-27 02:43 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-09 05:04 - 2011-11-27 02:43 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
2012-10-04 20:16 - 2011-12-06 21:09 - 00000416 ____A C:\Documents and Settings\Owner\My Documents\spider.sav
2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
2012-10-01 22:26 - 2011-12-31 10:49 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
2012-09-24 04:43 - 2012-03-27 01:59 - 00601593 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
2012-09-24 03:53 - 2012-10-14 05:09 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
2012-09-24 03:19 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
2012-09-24 02:29 - 2004-08-26 14:04 - 00002577 ____A C:\Windows\System32\CONFIG.NT
2012-09-23 03:43 - 2011-12-08 16:45 - 00000462 ____A C:\Windows\BRWMARK.INI
2012-09-23 03:43 - 2011-12-08 16:45 - 00000079 ____A C:\Windows\BRPP2KA.INI
2012-09-21 14:18 - 2012-09-07 04:04 - 00000331 ____A C:\Documents and Settings\Owner\Desktop\Teachers Federal Credit Union - The Educated Choice.url
2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
2012-09-21 02:22 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
2012-09-21 01:57 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
2012-09-21 01:53 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
2012-09-20 15:13 - 2004-08-26 12:12 - 00001170 ____A C:\Windows\System32\wpa.dbl
2012-09-20 15:03 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
2012-09-20 13:52 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
2012-09-14 03:50 - 2012-09-14 03:50 - 00090112 ____A C:\Windows\Minidump\Mini091412-01.dmp
2012-09-09 01:10 - 2012-09-09 01:10 - 00000187 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to USB DISK (K).lnk
2012-09-07 17:04 - 2012-10-15 04:26 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-05 06:08 - 2012-09-05 06:08 - 00028591 ____A C:\Documents and Settings\Owner\Desktop\Repertoire_Template.xlsx
2012-08-31 01:50 - 2012-08-31 01:50 - 00090112 ____A C:\Windows\Minidump\Mini083112-01.dmp
2012-08-28 16:13 - 2012-08-28 16:13 - 00090112 ____A C:\Windows\Minidump\Mini082812-01.dmp
2012-08-27 02:25 - 2012-08-27 02:25 - 00090112 ____A C:\Windows\Minidump\Mini082712-01.dmp
2012-08-16 14:27 - 2011-12-07 18:38 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-08-15 03:43 - 2011-12-01 16:16 - 00005561 ____A C:\InstallHelper.log
2012-08-15 03:42 - 2012-08-15 03:42 - 00001770 ____A C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
2012-08-11 11:15 - 2012-08-11 11:15 - 00090112 ____A C:\Windows\Minidump\Mini081112-01.dmp
2012-07-30 14:08 - 2012-09-20 13:52 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
2012-07-29 02:38 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120730-140807.backup
2012-07-29 01:16 - 2012-07-29 02:38 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120729-023855.backup
2012-07-28 18:34 - 2012-03-31 16:02 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
2012-07-28 14:10 - 2004-08-26 14:00 - 00096341 ____A C:\Windows\wmsetup.log
2012-07-28 14:03 - 2012-03-31 09:05 - 00000118 ____A C:\SmartInstaller.log
2012-07-28 13:57 - 2004-08-26 14:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2012-07-26 02:50 - 2012-07-26 02:50 - 00090112 ____A C:\Windows\Minidump\Mini072612-01.dmp
2012-07-23 15:05 - 2004-08-26 12:12 - 00000532 ____A C:\Windows\win.ini
2012-07-23 15:05 - 2004-08-26 12:12 - 00000227 ____A C:\Windows\system.ini
2012-07-23 15:05 - 2004-08-26 12:12 - 00000210 __ASH C:\boot.ini
2012-07-21 13:59 - 2012-03-29 05:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-21 13:59 - 2011-12-02 22:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-10-15 21:10 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP370
RP: -> 2012-10-15 01:58 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP368
RP: -> 2012-10-14 17:30 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP367
RP: -> 2012-10-14 16:13 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP366
RP: -> 2012-10-13 16:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP365
RP: -> 2012-10-12 16:26 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP364
RP: -> 2012-10-11 15:55 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363
RP: -> 2012-10-10 15:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP362
RP: -> 2012-10-09 15:06 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP361
RP: -> 2012-10-08 13:35 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP360
RP: -> 2012-10-07 10:37 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP359
RP: -> 2012-10-06 05:15 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP358
RP: -> 2012-10-05 04:23 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP357
RP: -> 2012-10-03 22:52 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP356

==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 959.48 MB
Available physical RAM: 708.77 MB
Total Pagefile: 859.05 MB
Available Pagefile: 759.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:69.61 GB) (Free:34.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
7 Drive h: (RECOVERY) (Fixed) (Total:4.91 GB) (Free:2.88 GB) FAT32
8 Drive I: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.55 GB) FAT
9 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5036 MB 32 KB
Partition 2 Primary 70 GB 5036 MB
=========================================================
Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 H RECOVERY FAT32 Partition 5036 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 70 GB Healthy
=========================================================
==================== End Of Log ============================
 
Here's the search.txt info:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
Ran by SYSTEM at 16-10-2012 18:13:56
Running from I:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui [348160 2006-03-15] (TP-LINK TECHNOLOGIES CO., LTD)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2004-07-12] (NVIDIA Corporation)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [4112384 2004-07-12] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [131072 2004-06-04] (NVIDIA Corporation)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM\...\Run: [PCTools FW] C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FirewallGUI.exe [x]
HKLM\...\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.254.1 167.206.254.2
==================== Services (Whitelisted) ===================
2 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-08-05] ()
3 brmfrmps; "C:\WINDOWS\system32\Brmfrmps.exe" -service [65536 2003-05-05] (Brother Industries, Ltd.)
3 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)
3 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 QuikSync; C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [13312 2010-07-01] ()
2 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
2 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
3 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-14] (Secunia)
4 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-10-14] (Secunia)
3 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [113200 2009-10-22] (VMware, Inc.)
3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2009-10-22] (VMware, Inc.)
3 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-22] (VMware, Inc.)
3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2009-10-22] (VMware, Inc.)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 PCToolsFirewallPlus; C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FWService.exe [x]
3 ufad-ws60; "C:\Program Files\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Player\\" -s ufad-p2v.xml [x]
==================== Drivers (Whitelisted) ====================
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17801 2011-11-27] (Meetinghouse Data Communications)
3 AR5523; C:\Windows\System32\DRIVERS\ar5523.sys [360288 2006-01-16] (Atheros Communications, Inc.)
3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15263 2003-12-19] (Brother Industries Ltd.)
2 hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys [32304 2009-10-22] (VMware, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
3 nvax; C:\Windows\System32\drivers\nvax.sys [48640 2004-05-25] (NVIDIA Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2004-05-16] (NVIDIA Corporation)
3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [396032 2004-05-25] (NVIDIA Corporation)
0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21760 2004-04-01] (NVIDIA Corporation)
1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
2 PCTAppEvent; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys [162584 2012-04-23] (PC Tools)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
3 PCTFW-PacketFilter; \??\C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys [91648 2012-04-19] (PC Tools)
1 pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys [254944 2012-06-22] (PC Tools)
3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)
3 pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys [125920 2012-06-22] (PC Tools)
3 pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys [70568 2012-06-22] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
3 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2011-11-27] (New Boundary Technologies, Inc.)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
3 QslFsFltr; C:\Windows\System32\DRIVERS\QslFsFltr.sys [12672 2010-07-01] (Windows (R) Win 7 DDK provider)
3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [40724 2004-10-20] (Alcor Micro Corp.)
3 SunkFilt39; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys [42968 2004-10-18] (Alcor Micro Corp.)
2 vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys [70704 2009-10-22] (VMware, Inc.)
3 vmkbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2009-10-22] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-22] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2009-10-22] (VMware, Inc.)
2 VMnetuserif; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2009-10-22] (VMware, Inc.)
2 VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys [14896 2009-10-22] (VMware, Inc.)
2 vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys [853936 2009-10-22] (VMware, Inc.)
2 vstor2-mntapi10; \??\C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [22576 2009-11-03] (VMware, Inc.)
2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [91136 2008-08-11] (ZOOM)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-10-16 18:13 - 2012-10-16 18:13 - 00000000 ____D C:\FRST
2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
2012-10-16 02:59 - 2012-10-16 02:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-15 04:26 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-14 20:31 - 2012-10-15 19:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-14 16:13 - 2012-10-14 16:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-10-14 16:09 - 2012-10-14 16:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-10-14 15:55 - 2012-10-14 15:55 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\DriverCure
2012-10-14 15:54 - 2012-10-14 15:54 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
2012-10-14 05:09 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
2012-10-14 04:21 - 2012-10-14 04:21 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2012-10-14 04:20 - 2012-10-14 04:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
2012-10-13 09:13 - 2012-10-16 03:18 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-10-13 09:05 - 2012-10-13 09:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
2012-10-09 05:28 - 2012-10-09 05:44 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
2012-10-09 05:04 - 2012-10-09 05:04 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
2012-10-08 01:49 - 2012-10-08 01:50 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\2csg+xl Turbo Lister2
2012-10-06 00:44 - 2012-10-06 00:44 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\sm 7-24 Turbo Lister2
2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106.dll
2012-10-02 01:36 - 2008-04-13 19:09 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd106.dll
2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101b.dll
2012-10-02 01:36 - 2001-08-17 14:55 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\kbd101b.dll
2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
2012-09-24 04:23 - 2012-09-24 04:23 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Spam Monitor
2012-09-24 04:22 - 2012-06-22 11:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-09-24 04:22 - 2012-06-22 11:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-09-24 04:22 - 2012-06-22 11:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-09-24 04:22 - 2012-06-22 11:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-09-24 04:22 - 2012-06-22 11:38 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-09-24 04:22 - 2012-06-22 10:43 - 00003488 ____A C:\Windows\UDB.zip
2012-09-24 04:22 - 2012-06-22 10:43 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-09-24 04:22 - 2012-06-22 10:43 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-09-24 04:22 - 2012-06-22 10:43 - 00000131 ____A C:\Windows\IDB.zip
2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
2012-09-24 04:21 - 2012-06-22 15:33 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-09-24 04:21 - 2012-06-22 15:29 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-09-24 04:20 - 2012-09-24 04:20 - 00000000 ____D C:\Program Files\PC Tools
2012-09-24 04:20 - 2012-06-22 15:35 - 00125920 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw.sys
2012-09-24 04:20 - 2012-06-22 15:35 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-09-24 04:20 - 2012-04-19 09:56 - 00091648 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter.sys
2012-09-24 04:20 - 2011-07-08 09:55 - 00032936 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-DNS.sys
2012-09-24 04:20 - 2010-07-08 08:49 - 00057536 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis.sys
2012-09-24 04:18 - 2012-04-23 12:36 - 00383368 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
2012-09-24 04:18 - 2012-04-23 12:36 - 00162584 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
2012-09-24 04:18 - 2012-02-28 11:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
2012-09-24 04:18 - 2012-02-28 11:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
2012-09-24 03:53 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
2012-09-24 03:19 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
2012-09-21 04:15 - 2012-09-21 04:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\File Recover
2012-09-21 04:12 - 2012-09-21 04:12 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Product_FR
2012-09-21 02:22 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
2012-09-21 01:57 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
2012-09-21 01:53 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
2012-09-21 01:47 - 2012-09-21 01:47 - 00000000 ____D C:\Program Files\VS Revo Group
2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
2012-09-20 15:29 - 2012-09-20 15:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2012-09-20 15:03 - 2012-09-20 13:52 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
2012-09-20 13:52 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
==================== 3 Months Modified Files ==================
2012-10-16 17:03 - 2004-08-26 14:08 - 00031906 ____A C:\Windows\SchedLgU.Txt
2012-10-16 17:03 - 2004-08-26 14:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-16 17:03 - 2004-08-26 14:02 - 01343160 ____A C:\Windows\WindowsUpdate.log
2012-10-16 17:03 - 2004-08-26 06:58 - 00000214 ____A C:\Windows\wiadebug.log
2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
2012-10-16 15:26 - 2011-12-01 15:57 - 00000049 ____A C:\Windows\NeroDigital.ini
2012-10-16 15:16 - 2004-08-26 06:58 - 00000050 ____A C:\Windows\wiaservc.log
2012-10-16 15:13 - 2011-11-27 01:11 - 00004452 ____A C:\Windows\System32\nvapps.xml
2012-10-16 15:12 - 2004-08-26 14:09 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-10-16 15:12 - 2004-08-26 14:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-10-16 05:47 - 2012-10-16 05:47 - 00000211 ____A C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
2012-10-16 05:00 - 2011-12-08 05:09 - 00000314 ____A C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2012-10-16 03:25 - 2004-08-26 12:12 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2012-10-16 03:18 - 2012-10-13 09:13 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
2012-10-15 21:17 - 2011-11-27 11:59 - 00000237 ____A C:\Documents and Settings\Owner\Desktop\CSG Pay.url
2012-10-15 14:29 - 2011-11-27 02:27 - 01150717 ____A C:\Windows\setupapi.log
2012-10-15 13:00 - 2012-10-15 13:00 - 00004091 ____A C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
2012-10-15 12:44 - 2012-10-15 12:44 - 00000217 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
2012-10-15 09:00 - 2011-12-08 05:08 - 00000348 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2012-10-15 04:27 - 2012-10-15 04:27 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-14 15:01 - 2011-12-01 16:02 - 00000378 ____A C:\Documents and Settings\Owner\Desktop\My eBay Watch List.url
2012-10-14 04:16 - 2012-10-14 04:16 - 03255248 ____A (Javacool Software LLC ) C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
2012-10-13 07:57 - 2012-10-13 07:52 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
2012-10-12 07:13 - 2011-11-28 07:47 - 00003510 ____A C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2012-10-12 04:25 - 2012-10-12 04:25 - 00003781 ____A C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
2012-10-12 04:07 - 2012-10-12 04:07 - 00001366 ____A C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
2012-10-11 00:58 - 2012-10-11 00:58 - 00001677 ____A C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
2012-10-09 07:39 - 2012-10-09 07:39 - 00000898 ____A C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
2012-10-09 05:44 - 2012-10-09 05:28 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
2012-10-09 05:04 - 2011-11-27 02:43 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-09 05:04 - 2011-11-27 02:43 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-09 04:01 - 2012-10-09 04:01 - 00000318 ____A C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
2012-10-08 02:50 - 2012-10-08 02:50 - 00044487 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
2012-10-08 02:50 - 2012-10-08 02:50 - 00000020 ____A C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
2012-10-04 20:16 - 2011-12-06 21:09 - 00000416 ____A C:\Documents and Settings\Owner\My Documents\spider.sav
2012-10-02 01:09 - 2012-10-02 01:09 - 00000204 ____A C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
2012-10-01 22:26 - 2011-12-31 10:49 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-10-01 03:51 - 2012-10-01 03:51 - 00002016 ____A C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
2012-09-24 04:43 - 2012-03-27 01:59 - 00601593 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-24 04:21 - 2012-09-24 04:21 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
2012-09-24 03:53 - 2012-10-14 05:09 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20121014-050901.backup
2012-09-24 03:19 - 2012-09-24 03:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
2012-09-24 02:29 - 2004-08-26 14:04 - 00002577 ____A C:\Windows\System32\CONFIG.NT
2012-09-23 03:43 - 2011-12-08 16:45 - 00000462 ____A C:\Windows\BRWMARK.INI
2012-09-23 03:43 - 2011-12-08 16:45 - 00000079 ____A C:\Windows\BRPP2KA.INI
2012-09-21 14:18 - 2012-09-07 04:04 - 00000331 ____A C:\Documents and Settings\Owner\Desktop\Teachers Federal Credit Union - The Educated Choice.url
2012-09-21 12:55 - 2012-09-21 12:55 - 00000699 ____A C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
2012-09-21 02:22 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-031900.backup
2012-09-21 01:57 - 2012-09-21 02:22 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-022256.backup
2012-09-21 01:53 - 2012-09-21 01:57 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015743.backup
2012-09-21 00:58 - 2012-09-21 00:58 - 00090112 ____A C:\Windows\Minidump\Mini092112-01.dmp
2012-09-20 15:13 - 2004-08-26 12:12 - 00001170 ____A C:\Windows\System32\wpa.dbl
2012-09-20 15:03 - 2012-09-21 01:53 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120921-015318.backup
2012-09-20 14:33 - 2012-09-20 14:33 - 00090112 ____A C:\Windows\Minidump\Mini092012-02.dmp
2012-09-20 13:52 - 2012-09-20 15:03 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-150333.backup
2012-09-20 13:37 - 2012-09-20 13:37 - 00090112 ____A C:\Windows\Minidump\Mini092012-01.dmp
2012-09-14 03:50 - 2012-09-14 03:50 - 00090112 ____A C:\Windows\Minidump\Mini091412-01.dmp
2012-09-09 01:10 - 2012-09-09 01:10 - 00000187 ____A C:\Documents and Settings\Owner\Desktop\Shortcut to USB DISK (K).lnk
2012-09-07 17:04 - 2012-10-15 04:26 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-05 06:08 - 2012-09-05 06:08 - 00028591 ____A C:\Documents and Settings\Owner\Desktop\Repertoire_Template.xlsx
2012-08-31 01:50 - 2012-08-31 01:50 - 00090112 ____A C:\Windows\Minidump\Mini083112-01.dmp
2012-08-28 16:13 - 2012-08-28 16:13 - 00090112 ____A C:\Windows\Minidump\Mini082812-01.dmp
2012-08-27 02:25 - 2012-08-27 02:25 - 00090112 ____A C:\Windows\Minidump\Mini082712-01.dmp
2012-08-16 14:27 - 2011-12-07 18:38 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-08-15 03:43 - 2011-12-01 16:16 - 00005561 ____A C:\InstallHelper.log
2012-08-15 03:42 - 2012-08-15 03:42 - 00001770 ____A C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
2012-08-11 11:15 - 2012-08-11 11:15 - 00090112 ____A C:\Windows\Minidump\Mini081112-01.dmp
2012-07-30 14:08 - 2012-09-20 13:52 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120920-135251.backup
2012-07-29 02:38 - 2012-07-30 14:08 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120730-140807.backup
2012-07-29 01:16 - 2012-07-29 02:38 - 00443791 ___RA C:\Windows\System32\Drivers\etc\hosts.20120729-023855.backup
2012-07-28 18:34 - 2012-03-31 16:02 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
2012-07-28 14:10 - 2004-08-26 14:00 - 00096341 ____A C:\Windows\wmsetup.log
2012-07-28 14:03 - 2012-03-31 09:05 - 00000118 ____A C:\SmartInstaller.log
2012-07-28 13:57 - 2004-08-26 14:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2012-07-26 02:50 - 2012-07-26 02:50 - 00090112 ____A C:\Windows\Minidump\Mini072612-01.dmp
2012-07-23 15:05 - 2004-08-26 12:12 - 00000532 ____A C:\Windows\win.ini
2012-07-23 15:05 - 2004-08-26 12:12 - 00000227 ____A C:\Windows\system.ini
2012-07-23 15:05 - 2004-08-26 12:12 - 00000210 __ASH C:\boot.ini
2012-07-21 13:59 - 2012-03-29 05:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-21 13:59 - 2011-12-02 22:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-10-15 21:10 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP370
RP: -> 2012-10-15 01:58 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP368
RP: -> 2012-10-14 17:30 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP367
RP: -> 2012-10-14 16:13 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP366
RP: -> 2012-10-13 16:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP365
RP: -> 2012-10-12 16:26 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP364
RP: -> 2012-10-11 15:55 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363
RP: -> 2012-10-10 15:38 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP362
RP: -> 2012-10-09 15:06 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP361
RP: -> 2012-10-08 13:35 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP360
RP: -> 2012-10-07 10:37 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP359
RP: -> 2012-10-06 05:15 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP358
RP: -> 2012-10-05 04:23 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP357
RP: -> 2012-10-03 22:52 - 024576 _restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP356

==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 959.48 MB
Available physical RAM: 708.77 MB
Total Pagefile: 859.05 MB
Available Pagefile: 759.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:69.61 GB) (Free:34.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
7 Drive h: (RECOVERY) (Fixed) (Total:4.91 GB) (Free:2.88 GB) FAT32
8 Drive I: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.55 GB) FAT
9 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5036 MB 32 KB
Partition 2 Primary 70 GB 5036 MB
=========================================================
Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 H RECOVERY FAT32 Partition 5036 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 70 GB Healthy
=========================================================
==================== End Of Log ============================
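An added triage example, not part of FRST, OTL or the helper's instructions and not something the poster ran: a small Python parser for the FRST lines above that applies a few analyst heuristics to the artefacts visible in this log. It picks out the 8-hex-character executable in My Documents that aswMBR already flagged, the two 83 MB temporary-attribute .pad files under All Users\Application Data, and the PC Tools firewall and McAfee entries whose binaries FRST marked `[x]` (file not found at the registered path), which lines up with the reported firewall failures. The size threshold, keyword lists and the Kaspersky tool-driver exception (TDSSKiller drops its own random-named .sys) are assumptions; the sample lines are copied from the log posted above.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for ZeroAccess-style artefacts.

Added example for this thread; not part of FRST, OTL or the helper's fix.
The rules below are one analyst's heuristics (assumptions), not FRST output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File-listing entry:  created - modified - size attrs (company) path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Service, driver or Run-key entry whose binary FRST could not find: "... [x]"
MISSING_RE = re.compile(r"^(?P<entry>.+?)[;:] (?P<target>.+?) \[x\]$")

HEX8 = re.compile(r"^[0-9a-f]{8}$")        # random 8-hex names seen in this log
SECURITY_WORDS = ("firewall", "pctools", "mcafee", "mbam", "malwarebytes")
TOOL_VENDORS = ("kaspersky",)               # assumption: TDSSKiller's own driver
LARGE = 50 * 1024 * 1024                    # assumption: threshold for "large"


@dataclass
class Finding:
    severity: str   # "high" or "info"
    rule: str
    detail: str


def parse_file_line(line: str) -> Optional[dict]:
    """Split an FRST file line into fields; None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["name"] = rec["path"].rsplit("\\", 1)[-1]
    return rec


def triage_file(rec: dict) -> Optional[Finding]:
    low = rec["path"].lower()
    stem, _, ext = rec["name"].lower().rpartition(".")
    company = (rec["company"] or "").lower()

    # Random-named driver under System32\Drivers. A known tool vendor string
    # downgrades it to informational; anything else is worth a look.
    if ext == "sys" and "\\drivers\\" in low and HEX8.match(stem):
        if any(v in company for v in TOOL_VENDORS):
            return Finding("info", "tool-driver", rec["path"])
        return Finding("high", "random-named-driver", rec["path"])

    # 8-hex-char PE dropped into a user profile. The company string comes from
    # the file's version resource and is attacker-controlled, so it is no
    # reason to trust the file (the sample claims "COMODO inc.").
    in_profile = "\\documents and settings\\" in low or "\\users\\" in low
    if ext in ("exe", "dll", "sys") and in_profile and HEX8.match(stem):
        return Finding("high", "random-named-pe-in-profile", rec["path"])

    # Large file carrying the Temporary (T) attribute inside Application Data.
    if "T" in rec["attrs"] and rec["size"] >= LARGE and "application data" in low:
        return Finding("high", "large-temp-file-in-appdata",
                       f"{rec['path']} ({rec['size']} bytes)")
    return None


def triage_missing(line: str) -> Optional[Finding]:
    """Entries ending in [x]: the registry points at a binary that is not there."""
    m = MISSING_RE.match(line.strip())
    if not m:
        return None
    text = (m["entry"] + " " + m["target"]).lower()
    if any(w in text for w in SECURITY_WORDS):
        return Finding("high", "security-binary-missing", m["target"])
    return Finding("info", "binary-missing", m["target"])


def triage(log_text: str) -> List[Finding]:
    findings = []
    for line in log_text.splitlines():
        f = triage_missing(line)
        if f is None:
            rec = parse_file_line(line)
            f = triage_file(rec) if rec else None
        if f:
            findings.append(f)
    return findings


# Sample lines copied from the FRST log posted above.
SAMPLE = r"""
HKLM\...\Run: [PCTools FW] C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FirewallGUI.exe [x]
2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]
2 PCToolsFirewallPlus; C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\FWService.exe [x]
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
4 Abiosdsk; [x]
2012-10-16 16:45 - 2012-10-16 16:45 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
2012-10-16 02:59 - 2012-10-16 02:59 - 00177496 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\07292517.sys
2012-10-13 07:52 - 2012-10-13 07:57 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\87e2d931.pad
2012-10-13 07:51 - 2012-10-13 07:51 - 00386560 ____A (COMODO inc.) C:\Documents and Settings\Owner\My Documents\7af3996f.exe
2012-10-09 05:28 - 2012-10-09 05:44 - 83023306 ___AT C:\Documents and Settings\All Users\Application Data\emorhc.pad
2012-09-24 03:53 - 2012-09-24 03:19 - 00444321 ___RA C:\Windows\System32\Drivers\etc\hosts.20120924-035309.backup
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:4} {f.rule:28} {f.detail}")
```

Run it as-is to see the six high-severity findings and two informational ones; feed it a whole FRST.txt to triage a fresh log. The `[x]` rule only says the registry still references a binary that is not on disk, which is consistent with the firewall symptom but can also be uninstall residue, so it is a lead to confirm, not a verdict. Stale XP driver stubs such as `Abiosdsk` carry no path and are ignored, and the large hosts backups in this log are left alone because a 444 KB hosts file is normal with the Spybot immunization tasks present.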
 
Hi again Jay ...Sorry, I didn't notice the 'see this' at the very top of your answer before posting the logs you requested.
Should I now go back and run those others as well?
...now it's a catch-22, since your reply said don't do anything else beyond what you ask specifically, so? :)
Just let me know & I'll follow up with the rest. Thanks & sorry for the confusion.
 
That's fine, no biggie...

We need to change route here... please do the following:

In OTLPE, please open OTL on the Desktop, and do the following:

  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

      DRIVES
      SHOWHIDDEN
      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. The scan will not take long.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
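A small triage helper for reading the SRV/DRV sections of the OTL log the post above asks for. This is an added example for the thread, not OTL's own code and not part of any post; the line layout is taken from the log posted later in this thread, and the heuristics it applies (orphaned "File not found" entries, binaries with no vendor string, early-start drivers without a vendor, a Win32 service backed by a .sys file) are assumptions about what a malware-removal helper checks by eye, not logic OTL itself implements. The sample lines are copied from the posted log.

```python
"""Triage the SRV/DRV sections of an OTL log.

Added example for this thread: not OTL's code and not part of the original
posts. The line layout follows the posted log; the heuristics are assumed,
not OTL's own, and mirror what a helper looks for when reading one by eye.
"""
import re
from dataclasses import dataclass, field

# One OTL service/driver line, in either of the two shapes seen in the log:
#   SRV - [date | size | attrs | M] (Company) [Auto] -- C:\path\file.exe -- (Name)
#   DRV - File not found [Kernel | System] -- -- (Name) optional description
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<date>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|\]]+) \| (?P<flag>[^\]]+)\] "
    r"\((?P<company>[^)]*)\)) "
    r"\[(?P<start>[^\]]+)\] --(?P<path>.*?)-- \((?P<name>[^)]*)\)"
    r"(?: (?P<desc>.*))?$"
)

# %SystemRoot% and %ProgramFiles% as reported in the posted log. Assumption:
# a service or driver image anywhere else deserves a second look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    kind: str      # "SRV" (Win32 service) or "DRV" (kernel / file-system driver)
    name: str      # service key name, e.g. MBAMService
    start: str     # start type text, e.g. "Auto" or "Kernel | Boot"
    path: str      # image path; empty when OTL reports "File not found"
    company: str   # vendor string from the file's version info; empty if none
    missing: bool  # True when the registry points at a binary that is gone
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for an SRV/DRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        name=m["name"].strip(),
        start=m["start"].strip(),
        path=m["path"].strip(),
        company=(m["company"] or "").strip(),
        missing=m["missing"] is not None,
    )


def triage(entry: Entry) -> Entry:
    """Attach plain-text flags saying why an entry deserves a look."""
    flags = []
    if entry.missing:
        flags.append("orphaned: registry entry points at a binary that no longer exists")
    else:
        if not entry.company:
            flags.append("no vendor string in the file's version info")
        if not entry.path.lower().startswith(TRUSTED_DIRS):
            flags.append("binary lives outside Windows and Program Files")
        if entry.kind == "SRV" and entry.path.lower().endswith(".sys"):
            flags.append("Win32 service backed by a .sys file")
    early = any(word in entry.start for word in ("Boot", "System"))
    if entry.kind == "DRV" and early and (entry.missing or not entry.company):
        flags.append("early-start driver without a vendor: review first")
    entry.flags = flags
    return entry


def triage_log(text: str) -> list:
    """Parse and triage every SRV/DRV line in an OTL log; other lines are skipped."""
    entries = (parse_line(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def suspicious(text: str) -> dict:
    """Map service name -> flags for the entries that raised at least one flag."""
    return {e.name: e.flags for e in triage_log(text) if e.flags}


# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE = r"""
SRV - File not found [Auto] -- -- (PCToolsFirewallPlus)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/27 01:18:30 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [On_Demand] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/08/05 07:10:44 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
"""

if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE).items():
        print(name)
        for flag in flags:
            print("   -", flag)
```

A flag is a prompt to look, not a verdict: an orphaned entry is usually leftover from an uninstall, and a legitimate vendor can ship a binary with no version info. The point of the script is to get the handful of lines worth reading out of a log that is several hundred lines long.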
 
Ok, hope I did this correctly ...had to wing it :)
There was no question shown: "Do you wish to load the remote registry".
Also, the 'Change Drivers to Non-Microsoft' wasn't an option; I could only check
NONE, ALL or SAFELIST, which was already checked, so I left it on SAFELIST?
Here is the logfile:


OTL logfile created on: 10/17/2012 9:41:13 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 703.00 Mb Available Physical Memory | 73.00% Memory free
859.00 Mb Paging File | 769.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.61 Gb Total Space | 34.23 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
Drive H: | 4.91 Gb Total Space | 2.88 Gb Free Space | 58.73% Space Free | Partition Type: FAT32
Drive I: | 1.86 Gb Total Space | 1.55 Gb Free Space | 83.20% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (PCToolsFirewallPlus)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 14:28:01 | 000,161,776 | ---- | M] (Oracle Corporation) [Disabled] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [On_Demand] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/11/27 01:18:30 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [On_Demand] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Disabled] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/07/01 11:11:10 | 000,013,312 | ---- | M] () [On_Demand] -- C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe -- (QuikSync)
SRV - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2005/08/05 07:10:44 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (Sunkfiltp)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/22 15:35:16 | 000,070,568 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/06/22 15:35:06 | 000,125,920 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2012/06/22 15:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/06/22 15:29:36 | 000,254,944 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/06/22 11:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/04/23 12:36:48 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2012/04/19 09:56:54 | 000,091,648 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/07/01 11:10:14 | 000,012,672 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\QslFsFltr.sys -- (QslFsFltr)
DRV - [2009/11/03 13:30:12 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys -- (vstor2-mntapi10)
DRV - [2009/10/22 04:45:06 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 04:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 04:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 04:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 04:44:06 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:32 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/08/11 05:02:10 | 000,091,136 | ---- | M] (ZOOM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zmghpau.sys -- (ZMGHPAudioSrv)
DRV - [2006/01/16 12:45:30 | 000,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2004/10/20 15:39:32 | 000,040,724 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/10/18 18:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/25 14:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004/05/25 14:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004/05/17 02:00:52 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/05/16 22:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/04/01 23:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
IE - HKU\Owner_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Owner_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/24 08:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/09/24 04:22:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/10/14 05:09:01 | 000,444,321 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15263 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FW] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1342115613140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342201013312 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "Browser Defender Update Service"
MsConfig - Services: "wuauserv"
MsConfig - Services: "Secunia Update Agent"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "AudioSrv"
MsConfig - Services: "AdobeFlashPlayerUpdateSvc"
MsConfig - Services: "RSVP"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk.disabled - - File not found
MsConfig - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVMixerTray - hkey= - key= - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: 96283755.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{7e853105-3adf-4199-a079-d87c2afd375f} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/10/16 18:13:38 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/16 16:45:22 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
[2012/10/16 02:59:32 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07292517.sys
[2012/10/16 02:59:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/15 19:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/15 04:26:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/14 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/14 17:31:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/14 16:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/10/14 16:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/10/14 15:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2012/10/14 15:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
[2012/10/14 04:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/10/14 04:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/14 04:16:54 | 003,255,248 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
[2012/10/13 11:00:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2012/10/13 09:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/10/13 09:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/10/13 07:51:10 | 000,386,560 | ---- | C] (COMODO inc.) -- C:\Documents and Settings\Owner\My Documents\7af3996f.exe
[2012/10/09 05:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/10/08 01:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\2csg+xl Turbo Lister2
[2012/10/06 00:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sm 7-24 Turbo Lister2
[2012/10/02 01:36:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2012/10/02 01:36:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2012/10/02 01:36:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2012/10/02 01:36:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2012/09/28 18:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2012/09/24 04:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Spam Monitor
[2012/09/24 04:22:11 | 000,070,768 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/09/24 04:22:10 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/09/24 04:22:10 | 000,149,464 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/09/24 04:22:09 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/09/24 04:21:17 | 000,254,944 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/09/24 04:21:08 | 000,017,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/09/24 04:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/09/24 04:20:55 | 000,125,920 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2012/09/24 04:20:55 | 000,091,648 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2012/09/24 04:20:55 | 000,057,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2012/09/24 04:20:55 | 000,032,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2012/09/24 04:20:51 | 000,070,568 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/09/24 04:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/09/24 04:18:59 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/09/24 04:18:59 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/09/24 04:18:55 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/09/24 04:18:55 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/09/21 04:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\File Recover
[2012/09/21 04:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Product_FR
[2012/09/21 03:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2012/09/21 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/09/21 01:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
[2012/09/21 01:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/09/20 15:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP

========== Files - Modified Within 30 Days ==========

[2012/10/17 20:25:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/17 20:14:29 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/17 14:30:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rd4cdpl7.exe
[2012/10/17 05:00:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/10/16 16:45:28 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
[2012/10/16 15:26:51 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/16 05:47:55 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
[2012/10/16 03:18:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/16 02:59:32 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07292517.sys
[2012/10/15 21:17:09 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CSG Pay.url
[2012/10/15 19:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/15 19:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/15 13:00:49 | 000,004,091 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
[2012/10/15 12:44:36 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
[2012/10/15 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/10/15 04:27:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/14 15:01:53 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My eBay Watch List.url
[2012/10/14 05:09:01 | 000,444,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/14 04:16:56 | 003,255,248 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\Desktop\spywareblastersetup46.exe
[2012/10/13 07:57:11 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87e2d931.pad
[2012/10/13 07:51:10 | 000,386,560 | ---- | M] (COMODO inc.) -- C:\Documents and Settings\Owner\My Documents\7af3996f.exe
[2012/10/12 07:13:04 | 000,003,510 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/10/12 04:25:19 | 000,003,781 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
[2012/10/12 04:07:07 | 000,001,366 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
[2012/10/11 00:58:22 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
[2012/10/09 07:39:39 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
[2012/10/09 05:44:18 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\emorhc.pad
[2012/10/09 05:04:44 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/09 05:04:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/09 04:01:15 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
[2012/10/08 02:50:51 | 000,044,487 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
[2012/10/08 02:50:51 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
[2012/10/04 20:16:49 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2012/10/02 01:09:40 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
[2012/10/01 22:26:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/01 03:51:04 | 000,002,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
[2012/09/24 04:43:24 | 000,601,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/09/24 04:21:09 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
[2012/09/24 04:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/09/24 03:53:09 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121014-050901.backup
[2012/09/24 03:19:00 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120924-035309.backup
[2012/09/24 02:29:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/23 03:43:19 | 000,000,462 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/09/23 03:43:19 | 000,000,079 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2012/09/21 14:18:09 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Teachers Federal Credit Union - The Educated Choice.url
[2012/09/21 12:55:13 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
[2012/09/21 04:15:19 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tools File Recover.lnk
[2012/09/21 02:22:56 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120924-031900.backup
[2012/09/21 01:57:43 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120921-022256.backup
[2012/09/21 01:53:18 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120921-015743.backup
[2012/09/20 15:13:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/20 15:03:33 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120921-015318.backup
[2012/09/20 13:52:51 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120920-150333.backup

========== Files Created - No Company Name ==========

[2012/10/17 14:30:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rd4cdpl7.exe
[2012/10/16 05:47:55 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\java.com Java + You.url
[2012/10/15 13:00:48 | 000,004,091 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Restoring the registry in XP - CNET Computer newbies Forums.url
[2012/10/15 12:44:36 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Windows Firewall.lnk
[2012/10/15 04:27:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/13 09:13:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/13 07:52:10 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\87e2d931.pad
[2012/10/12 04:25:19 | 000,003,781 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shop Verizon Deals & Compare TV, Internet, Phone Verizon.url
[2012/10/12 04:07:07 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cablevision Optimum Triple Play for $70 or internet+io preferred for $76 YMMV - Slickdeals.net.url
[2012/10/11 00:58:22 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Woodfield 61288 Set of 2 Woodfield Cat Andirons with Glass Eyes.url
[2012/10/09 07:39:32 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctfmon.lnk
[2012/10/09 05:28:36 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\emorhc.pad
[2012/10/09 04:01:15 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\eBayISAPI.dllViewItemDescV4&item=140859960369&t=0&tid=10&category=29223&seller=2011purpleleaf&excSoj=1&rptdesc=1&excTrk=1&tto=1000.url
[2012/10/08 02:50:51 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.imb
[2012/10/08 02:50:41 | 000,044,487 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sscaredycat-2012-10-08-02-50-27.tlb
[2012/10/02 01:09:40 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bullet Stash Key Chain BuySmrt.com.url
[2012/10/01 03:51:04 | 000,002,016 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Why does search results say 157 but only shows 4 results Community Help Boards eBay Discussion Boards.url
[2012/09/24 04:22:10 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/09/24 04:22:10 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/09/24 04:22:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/09/24 04:22:10 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/09/24 04:22:10 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/09/24 04:21:09 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Internet Security.lnk
[2012/09/21 12:55:13 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Contact Us E-Mail Form.url
[2012/09/21 04:15:19 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tools File Recover.lnk
[2012/02/15 20:02:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/12 09:53:34 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/01/12 09:53:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2012/01/06 16:55:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/01/06 16:44:43 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/01/06 16:44:43 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/01/06 16:44:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2012/01/06 16:43:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/01/06 09:49:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/12/31 15:37:59 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\WebpageIcons.db
[2011/12/31 10:55:37 | 000,029,904 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/15 02:10:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/08 16:45:44 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/12/08 16:45:44 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/12/01 15:57:21 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/01 15:57:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/29 23:20:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/11/28 07:47:53 | 000,003,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/11/27 02:06:53 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2011/11/27 02:06:53 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\ar5523.bin
[2011/11/27 02:06:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2011/11/27 02:06:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/11/27 01:31:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/11/27 01:29:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2011/11/27 01:18:31 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2011/11/27 01:15:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/11/27 01:02:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2008/08/11 05:02:00 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\zmghpaso.dll
[2008/08/11 05:01:58 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\zmghpaudcp.exe
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 12:12:43 | 000,001,086 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,490 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 12:12:10 | 000,445,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 12:12:10 | 000,073,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 06:54:01 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/11/27 01:21:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
[2011/11/27 01:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/03/27 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spam Monitor
[2012/09/21 20:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2012/01/21 12:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ableton
[2012/10/14 15:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2012/04/04 07:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2012/01/04 08:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2012/03/16 05:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2012/03/29 05:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/03/27 02:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCTools
[2012/09/21 04:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Product_FR
[2011/11/27 01:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2012/09/24 04:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spam Monitor
[2012/10/14 15:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpeedyPC Software
[2011/11/28 07:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2012/03/27 01:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2012/01/21 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/11/28 07:22:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/11/27 00:10:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/27 01:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/17 20:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/27 01:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/31 10:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Custom Scans ==========


< DRIVES >

< SHOWHIDDEN >

< CreateRestorePoint >

Invalid Environment Variable: %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\

Invalid Environment Variable: %AppData%\Local\

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/10/16 02:59:32 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\07292517.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/10/16 03:25:03 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys

< %systemroot%\System32\config\*.sav >
[2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

Invalid Environment Variable: %WinDir%\$NtUninstallKB*$. /30

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/05/11 20:12:34 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/05/11 10:42:33 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2012/01/21 12:37:27 | 000,000,000 | ---D | M] -- C:\Program Files\Ableton
[2012/03/29 01:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/11/27 01:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/12/31 10:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/05/31 17:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2011/11/27 00:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2011/12/31 10:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/01/06 16:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2011/11/28 07:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\CanonBJ
[2011/12/14 07:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/10/14 17:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/11/27 01:06:08 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/11/27 01:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2012/06/12 00:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/11/27 01:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2012/08/15 03:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
[2012/06/12 00:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\EMC Corporation
[2012/10/14 16:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2012/03/29 00:35:02 | 000,000,000 | ---D | M] -- C:\Program Files\FileHippo.com
[2012/10/09 01:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/01/06 16:43:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/07/12 15:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/03/29 06:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/03/29 06:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/07/13 14:27:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/10/15 19:13:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/24 08:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/12/08 06:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/03/29 06:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/26 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/11/27 01:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2012/01/02 18:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/11/27 01:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/12/09 19:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/12/18 19:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/03/29 05:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/26 14:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2011/11/27 01:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2004/08/26 14:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/11/28 06:57:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/12/08 05:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/11/27 01:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2011/11/29 23:20:28 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/12/09 19:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2012/09/24 04:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools
[2012/04/28 22:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop 5.5
[2011/11/27 01:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2012/02/16 02:31:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/12/18 19:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/03/29 05:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2011/11/27 02:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\TP-LINK
[2011/11/27 02:31:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/12/15 02:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\USPS
[2011/11/27 01:16:45 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2012/06/12 00:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\VMware
[2012/09/21 01:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2012/05/25 00:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2012/05/25 00:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/12/08 05:57:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/26 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2012/01/21 12:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\ZOOM

Invalid Environment Variable: %appdata%\*.*


< MD5 for: AFD.SYS >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP3QFE\afd.sys
[2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP2GDR\afd.sys
[2004/08/04 15:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP2QFE\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\SP3GDR\afd.sys
[2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[2004/08/04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 15:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 15:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
< End of report >
 
Just a note- this had showed up as a problem earlier & I never had COMODO
[2012/10/13 07:51:10 | 000,386,560 | ---- | M] (COMODO inc.) -- C:\Documents and Settings\Owner\My Documents\7af3996f.exe
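The "< MD5 for: ... >" sections in the OTL log above exist because afd.sys, services.exe, userinit.exe and volsnap.sys are binaries that rootkits commonly patch in place; the useful check is whether the copy Windows actually loads (system32, system32\drivers, or C:\WINDOWS) carries the same hash as one of the backup copies OTL also lists (dllcache, ServicePackFiles, $hf_mig$ and so on). The script below is an added example and not part of this thread or of OTL itself: it parses those sections and reports, per file, whether every live copy is matched by a backup copy. The SERVICES.EXE and VOLSNAP.SYS sample lines are taken from the log above; the USERINIT.EXE section is constructed, with an all-zero MD5 on the live copy, to show what a mismatch looks like.

```python
"""Cross-check the "< MD5 for: FILE >" sections of an OTL log (added example).

A live system binary whose MD5 matches none of the backup copies OTL lists
is not proof of infection, but it is exactly the line a helper looks at first.
"""
import re
from collections import defaultdict

# One OTL MD5 line, e.g.
# [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF... -- C:\WINDOWS\system32\services.exe
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# Directories whose direct children are the copies Windows actually loads.
LIVE_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\", "c:\\windows\\")

# Sample input: SERVICES.EXE and VOLSNAP.SYS lines are from the log in this thread;
# the USERINIT.EXE section is constructed, with a placeholder MD5 on the live copy.
SAMPLE_LOG = r"""
< MD5 for: SERVICES.EXE >
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: USERINIT.EXE >
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2012/10/13 07:51:10 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""


def parse_md5_sections(text):
    """Return {file_name: [(path, md5, size), ...]} for every MD5 section in the log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = LINE_RE.match(line)
        if m and current:
            size = int(m.group("size").replace(",", ""))
            sections[current].append((m.group("path"), m.group("md5").upper(), size))
    return dict(sections)


def is_live_copy(path):
    """True if the path is a direct child of a directory Windows loads binaries from."""
    p = path.lower()
    return any(p.startswith(d) and "\\" not in p[len(d):] for d in LIVE_DIRS)


def cross_check(text):
    """Per file: 'ok' if every live copy's MD5 also appears on a backup copy,
    'unmatched' if some live copy has a hash no backup shares, 'no-live-copy' otherwise."""
    report = {}
    for name, entries in parse_md5_sections(text).items():
        live = [e for e in entries if is_live_copy(e[0])]
        backup_hashes = {md5 for path, md5, _ in entries if not is_live_copy(path)}
        if not live:
            report[name] = "no-live-copy"
        elif all(md5 in backup_hashes for _, md5, _ in live):
            report[name] = "ok"
        else:
            report[name] = "unmatched"
    return report


if __name__ == "__main__":
    for name, verdict in sorted(cross_check(SAMPLE_LOG).items()):
        print(f"{name:14} {verdict}")
```

A match against a backup copy only says the live file is one of the versions Windows itself installed; it does not tell you which service pack or hotfix it came from, so pair this with the file's modification date and size as OTL prints them.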
 
Tell you what, go back to Normal Mode, do the following:

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
Nothing malicious found. Here is the TDSS logfile ...attached
 

Attachments

  • TDSSKiller.2.8.13.0_19.10.2012_01.40.20_log.txt
    105.4 KB · Views: 0
avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Here is the aswMBR textlog & dat file.
Running combofix now.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-19 02:06:49
-----------------------------
02:06:49.703 OS Version: Windows 5.1.2600 Service Pack 3
02:06:49.703 Number of processors: 1 586 0xA00
02:06:49.703 ComputerName: MARTY UserName: Owner
02:06:52.437 Initialize success
02:09:21.437 AVAST engine defs: 12101801
02:09:52.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:09:52.343 Disk 0 Vendor: WDC_WD800BB-22JHA0 05.01C05 Size: 76319MB BusType: 3
02:09:52.375 Disk 0 MBR read successfully
02:09:52.375 Disk 0 MBR scan
02:09:52.515 Disk 0 unknown MBR code
02:09:52.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 71280 MB offset 10313730
02:09:52.562 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5035 MB offset 63
02:09:52.578 Disk 0 scanning sectors +156296385
02:09:52.718 Disk 0 scanning C:\WINDOWS\system32\drivers
02:13:07.531 Service scanning
02:15:27.250 Modules scanning
02:16:09.703 AVAST engine scan C:\WINDOWS
02:16:47.578 AVAST engine scan C:\WINDOWS\system32
02:30:50.734 AVAST engine scan C:\WINDOWS\system32\drivers
02:32:22.812 AVAST engine scan C:\Documents and Settings\Owner
02:55:50.953 File: C:\Documents and Settings\Owner\My Documents\7af3996f.exe **INFECTED** Win32:Kryptik-KEG [Trj]
03:04:16.156 AVAST engine scan C:\Documents and Settings\All Users
03:12:52.328 Scan finished successfully
03:15:45.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
03:15:45.796 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
 

Attachments

  • MBR.txt
    512 bytes · Views: 0
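The MBR.dat that aswMBR saved (and that was asked for above) is the raw first sector of the disk: 440 bytes of boot code, a disk signature, a four-entry partition table and the 0x55AA signature. aswMBR's "unknown MBR code" line means the boot code did not match any of its known-good signatures, which is why the helper wants the file itself rather than a paste. The parser below is an added example and not part of this thread or of aswMBR: it reads a 512-byte MBR, lists the partitions, hashes the boot code so it can be compared against a copy from a known-clean machine, and runs the sanity checks a reviewer applies (signature present, exactly one active partition, no overlapping partitions). The sample MBR is constructed from the two partitions in the aswMBR log above; its boot code and disk signature are filler, not bytes from the poster's disk.

```python
"""Parse a raw 512-byte MBR such as aswMBR's MBR.dat (added example)."""
import hashlib
import struct

# Partition type bytes that appear in the aswMBR log above (subset of the full list).
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32"}
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, start LBA, sector count
SECTORS_PER_MB = 2048     # 512-byte sectors


def build_sample_mbr():
    """Constructed MBR with the layout aswMBR printed: NTFS at LBA 10313730 (71280 MB,
    active) and FAT32 RECOVERY at LBA 63 (5035 MB). Boot code and disk signature are filler."""
    boot_code = bytes([0x90] * 440)              # constructed filler, not real boot code
    disk_sig = struct.pack("<I", 0x12345678)     # constructed disk signature
    reserved = b"\x00\x00"
    entries = [
        (0x80, 0x07, 10313730, 71280 * SECTORS_PER_MB),
        (0x00, 0x0B, 63, 5035 * SECTORS_PER_MB),
    ]
    table = b"".join(
        struct.pack(ENTRY_FMT, boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for boot, ptype, lba, count in entries
    )
    table += b"\x00" * 32                        # two unused slots
    return boot_code + disk_sig + reserved + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Return signature status, a SHA-256 of the boot code and the used partition entries."""
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                              # empty slot
        parts.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": lba,
            "sectors": count,
            "size_mb": count // SECTORS_PER_MB,
        })
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        # Compare this against the hash of a known-clean MBR of the same OEM layout.
        "boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "partitions": parts,
    }


def sanity_checks(info):
    """Findings a reviewer would flag before trusting the partition table."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA signature")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partition overlap at LBA {start_b}")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print(f"Partition {p['index']} {'active' if p['active'] else '      '} "
              f"{p['type']:02X} {p['type_name']:9} {p['size_mb']} MB offset {p['start_lba']}")
    print("boot code sha256:", info["boot_code_sha256"])
    print("findings:", sanity_checks(info) or "none")
```

To use it on a real capture, replace build_sample_mbr() with open("MBR.dat", "rb").read(). The boot-code hash is only meaningful next to a reference hash from a machine with the same OEM boot code, which this example does not ship.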
The combofix scan ended, haven't done the fix yet because....
It had to reinstall the recovery console in order to create a restore point &
never did disconnect from the internet.
Found rootkit zero.access in tcp/ip?
Is this scan ok to finish since it never disconnected from internet?
Please reply asap, thanks!
 
I've got bigger troubles now.
Combofix didn't want to wait & did all it could waiting for me to ok a reboot.
I finally just agreed, & upon reboot it ran another scan on its own
(this time it did not connect to the internet)
I have not been able to connect back to the internet since. Sorry for the delay but had to wait for the laptop to come home :) I'll only have this available a short time.
PC Tools ran its scan & found 20+ infections. Most if not all were registry Hkey related with "CATCHME" type entries.
It cleaned them but still no internet now.
Hope I didn't screw up by allowing the combofix & let more things in?
I'm now running malwarebytes quick scan.
 
Sorry to hear you had trouble. Please try to run the following:

ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    File::
    C:\Documents and Settings\Owner\My Documents\7af3996f.exe
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
There is an HKEY service asking permission to run through pc tools.
It says it's ...combofix\catchme etc. Is this valid, should I allow?
 
Here's the new combofix log

ComboFix 12-10-18.03 - Owner 10/20/2012 1:25.2.1 - x86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\documents and settings\Owner\My Documents\7af3996f.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-16 22:13 . 2012-10-16 22:13 -------- d-----w- C:\FRST
2012-10-16 06:59 . 2012-10-16 06:59 177496 ----a-w- c:\windows\system32\drivers\07292517.sys
2012-10-16 06:59 . 2012-10-16 06:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 08:26 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-15 06:02 . 2012-10-15 06:02 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-15 00:31 . 2012-10-15 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-14 20:13 . 2012-10-14 20:13 -------- d-----w- c:\program files\Enigma Software Group
2012-10-14 20:09 . 2012-10-14 20:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-14 19:55 . 2012-10-14 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2012-10-14 19:54 . 2012-10-14 19:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedyPC Software
2012-10-14 08:21 . 2012-10-14 08:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-10-14 08:20 . 2012-10-14 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-09 09:04 . 2012-10-09 09:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-10-02 05:36 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-10-02 05:36 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-10-02 05:36 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-10-02 05:36 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-09-24 08:23 . 2012-09-24 08:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Spam Monitor
2012-09-24 08:22 . 2012-06-22 15:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-09-24 08:22 . 2012-06-22 15:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-09-24 08:22 . 2012-06-22 15:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-09-24 08:22 . 2012-06-22 15:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-09-24 08:22 . 2012-06-22 15:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-09-24 08:21 . 2012-06-22 19:29 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-09-24 08:21 . 2012-06-22 19:33 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-09-24 08:20 . 2012-06-22 19:35 125920 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-09-24 08:20 . 2012-04-19 13:56 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-09-24 08:20 . 2011-07-08 13:55 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-09-24 08:20 . 2010-07-08 12:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2012-09-24 08:20 . 2012-06-22 19:35 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-09-24 08:20 . 2012-09-24 08:20 -------- d-----w- c:\program files\PC Tools
2012-09-24 08:18 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-09-24 08:18 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-09-24 08:18 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-09-24 08:18 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-09-21 08:12 . 2012-09-21 08:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Product_FR
2012-09-21 05:47 . 2012-09-21 05:47 -------- d-----w- c:\program files\VS Revo Group
2012-09-20 19:29 . 2012-09-20 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 07:25 . 2004-08-26 16:12 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2004-07-12 843776]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled
backup=c:\windows\pss\Secunia PSI Tray.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-05-12 22:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-07-12 04:50 4112384 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-06-04 04:51 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-07-12 04:50 843776 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2009-10-22 08:43 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser Defender Update Service"=2 (0x2)
"wuauserv"=2 (0x2)
"Secunia Update Agent"=3 (0x3)
"JavaQuickStarterService"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"AudioSrv"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"RSVP"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunKistEM"=c:\program files\Digital Media Reader\shwiconem.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"<NO NAME>"=
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
"ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
"SetDefPrt"=c:\program files\Brother\Brmfl04a\BrStDvPt.exe
"Path"="c:\program files\ZOOM\ZFX Tools\ZFX Tools startup.exe"
"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 QslFsFltr;QslFsFltr;c:\windows\system32\DRIVERS\QslFsFltr.sys [x]
R3 QuikSync;QuikSync;c:\program files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
S2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [x]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [x]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [x]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
Trusted Zone: pb.com\ibdswebp8-ext
Trusted Zone: usps.com\carrierpickup
Trusted Zone: usps.com\tools
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-20 01:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1064)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-10-20 01:51:27
ComboFix-quarantined-files.txt 2012-10-20 05:51
ComboFix2.txt 2012-10-19 08:53
.
Pre-Run: 35,520,106,496 bytes free
Post-Run: 35,538,763,776 bytes free
.
- - End Of File - - 561F2744B54C0773B8F296C023EAF10B
 
Just as a sidenote: Security Center is back but not detecting my PC Tools Security suite 2012
or its Firewall although both seem to be working (Firewall still starts then stops with services start
but can be enabled manually)
I will only be available for another 1/2 hr or so ...be back in about 9-10 hrs. Thanks
 
Back