TechSpot

Laptop so slow it's unusable, disc activity light is on constantly

By poshgerm
Aug 24, 2011
  1. My retired aunts laptop started running very slow a couple of weeks back, it could take 2 or 3 hours, yes hours, or more to boot into the Windows XP desktop. Once the XP desktop eventually came up, just about the only thing that you could get it to run was the task manager.
    A full MalwareBytes scan took over 300 hours to complete.

    I will post the logs from the scans etc. later
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    hello again broni

    Here are the logs...

    malware bytes, full scan that took over 300 hours...

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7035

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    8/8/2011 11:12:14 AM
    mbam-log-2011-08-08 (11-12-07).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 259024
    Time elapsed: 324 hour(s), 10 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 166
    Registry Values Infected: 11
    Registry Data Items Infected: 1
    Folders Infected: 24
    Files Infected: 40

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.ShoppingReports2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419D-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\User\application data\shoppingreport2 (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\application data (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\cs\documents and settings (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\cs\res2 (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\documents and settings (Adware.ShoppingReport2) -> Delete on reboot.
    c:\documents and settings\User\application data\shoppingreport2\report (Adware.ShoppingReport2) -> Delete on reboot.
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Delete on reboot.
    c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Delete on reboot.
    c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Delete on reboot.
    c:\program files\scanquery (Adware.ScanQuery) -> Delete on reboot.
    c:\documents and settings\all users\application data\scanquery (Adware.ScanQuery) -> Delete on reboot.

    Files Infected:
    c:\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\scanquery\scanquery135.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\vlcsetup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\vlcsetup (2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\vlcsetup (3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\xvidsetup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\xvidsetup (2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\xvidsetup (3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\xvidsetup (4).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\User\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\scanquery\scanquery.dll (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
    c:\program files\scanquery\scanquery.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReports2) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP236\A0155979.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP236\A0155981.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP236\A0156973.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP236\A0156974.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP239\A0163662.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP239\A0163663.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP240\A0163679.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP240\A0163680.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP240\A0165795.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP240\A0166791.dll (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP240\A0166792.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{c49bd92c-9c3f-4bdd-866f-eaf535330b6c}\RP240\A0166793.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs\res2\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\scanquery\uninstall.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
     
  4. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    More logs...

    Malware bytes quick scan...

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7035

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/13/2011 1:54:35 PM
    mbam-log-2011-08-13 (13-54-35).txt

    Scan type: Quick scan
    Objects scanned: 166570
    Time elapsed: 11 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\User\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\User\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\shoppingreport2\uninst.exe.vir (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\scanquery\scanquery.exe.vir (Adware.ScanQuery) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\scanquery\scanquery135.exe.vir (Adware.ScanQuery) -> Quarantined and deleted successfully.





    GMER log...


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-13 19:32:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N040ATMR04-0 rev.MO2OADEA
    Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kxkiafow.sys


    ---- System - GMER 1.0.15 ----

    SSDT E1A4C5B8 ZwConnectPort

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \FileSystem\Fastfat \Fat AFC14D20

    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on..........
     
  6. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    DDS hangs laptop

    Hi Broni,

    I should have said in my last reply, when I try and run DDS, the laptop hangs...
    In fact it hangs so completely, that I can't even get the task manager to come up, and the only option is to power off the machine by holding down the power button...
    The same thing happens whether I run it in 'normal' windows or safe mode (no networking).

    I have stopped all the script blocking protection I can find.

    When running DDS it writes hashes quite quickly to start with, up until it gets to just underneath the 'r' in "where" in "forum where it was requested".

    Any ideas how to get DDS to run to end?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    Don'tr seem to be able to get tolls to finish

    part of the reason I've not replied sooner is I can't get the tools to run to end to get the logs...

    ComboFix - It runs, then creates the restore point, then goes into Autoscan, it never gets to finish...
    If I keep the session alive by moving the cursor occasionally, the Autoscan window never changes what's on it. I will eventually have to shutdown the machine off by holding the power button...
    If I leave it to run, and don't keep the session from sleeping, it then hangs with a black screen and I have to hold down the the power button to get the machine to go off.
    This applies in both normal and 'safe' modes..

    If I run Rkill first I loose all the desktop icons, and then have to kick CombFix off by using Task Manager...
     
  9. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    Here are some of the Rkill logs...

    Don't know if these will be of any use - not much terminated here...

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 09/01/2011 at 11:43:45.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 09/01/2011 at 11:43:50.


    And another...

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 09/05/2011 at 12:41:08.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe


    Rkill completed on 09/05/2011 at 12:41:48.


    And another...

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 09/05/2011 at 17:37:48.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe


    Rkill completed on 09/05/2011 at 17:37:54.


    And finally 'Safe Mode'...

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 09/09/2011 at 17:41:09.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 09/09/2011 at 17:41:12.


    Thanks,
    poshgerm.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    TDSSKiller log

    Hi Broni...

    Please find the TDSSKiller log below...

    Regards,
    poshgerm.

    2011/09/12 12:42:32.0131 2444 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
    2011/09/12 12:42:32.0141 2444 ================================================================================
    2011/09/12 12:42:32.0141 2444 SystemInfo:
    2011/09/12 12:42:32.0141 2444
    2011/09/12 12:42:32.0141 2444 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/12 12:42:32.0141 2444 Product type: Workstation
    2011/09/12 12:42:32.0141 2444 ComputerName: IBM-46D4ED0739C
    2011/09/12 12:42:32.0141 2444 UserName: User
    2011/09/12 12:42:32.0141 2444 Windows directory: C:\WINDOWS
    2011/09/12 12:42:32.0141 2444 System windows directory: C:\WINDOWS
    2011/09/12 12:42:32.0141 2444 Processor architecture: Intel x86
    2011/09/12 12:42:32.0141 2444 Number of processors: 1
    2011/09/12 12:42:32.0141 2444 Page size: 0x1000
    2011/09/12 12:42:32.0141 2444 Boot type: Normal boot
    2011/09/12 12:42:32.0141 2444 ================================================================================
    2011/09/12 12:42:41.0475 2444 Initialize success
    2011/09/12 12:42:51.0209 3404 ================================================================================
    2011/09/12 12:42:51.0209 3404 Scan started
    2011/09/12 12:42:51.0209 3404 Mode: Manual;
    2011/09/12 12:42:51.0209 3404 ================================================================================
    2011/09/12 12:42:54.0173 3404 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
    2011/09/12 12:42:55.0054 3404 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    2011/09/12 12:42:55.0815 3404 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/12 12:42:56.0787 3404 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/09/12 12:42:57.0598 3404 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
    2011/09/12 12:42:58.0339 3404 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
    2011/09/12 12:42:59.0651 3404 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/12 12:43:00.0582 3404 AegisP (18309916da01042606b4a5ec8f60b447) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2011/09/12 12:43:01.0764 3404 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/12 12:43:02.0675 3404 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/09/12 12:43:03.0626 3404 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
    2011/09/12 12:43:04.0618 3404 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
    2011/09/12 12:43:05.0749 3404 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
    2011/09/12 12:43:06.0971 3404 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
    2011/09/12 12:43:08.0363 3404 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
    2011/09/12 12:43:09.0465 3404 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
    2011/09/12 12:43:10.0586 3404 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
    2011/09/12 12:43:12.0048 3404 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
    2011/09/12 12:43:13.0110 3404 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/09/12 12:43:14.0282 3404 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
    2011/09/12 12:43:15.0303 3404 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
    2011/09/12 12:43:16.0595 3404 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
    2011/09/12 12:43:17.0777 3404 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/12 12:43:19.0159 3404 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/09/12 12:43:22.0323 3404 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/09/12 12:43:25.0618 3404 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/12 12:43:26.0980 3404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/12 12:43:28.0061 3404 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/09/12 12:43:29.0534 3404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/12 12:43:32.0668 3404 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
    2011/09/12 12:43:34.0060 3404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/12 12:43:35.0202 3404 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
    2011/09/12 12:43:36.0293 3404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/12 12:43:37.0455 3404 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/12 12:43:38.0897 3404 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/09/12 12:43:40.0660 3404 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/09/12 12:43:41.0791 3404 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
    2011/09/12 12:43:42.0803 3404 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/09/12 12:43:44.0095 3404 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
    2011/09/12 12:43:45.0907 3404 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
    2011/09/12 12:43:48.0030 3404 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
    2011/09/12 12:43:49.0783 3404 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/09/12 12:43:51.0325 3404 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/09/12 12:43:54.0550 3404 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/09/12 12:43:56.0613 3404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/09/12 12:43:57.0514 3404 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/09/12 12:43:58.0305 3404 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
    2011/09/12 12:43:59.0707 3404 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/09/12 12:44:00.0879 3404 E1000 (4de4bae4accb5a49fa85801d4f226355) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    2011/09/12 12:44:03.0052 3404 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/09/12 12:44:03.0693 3404 EGATHDRV (12bb0f2d065e181bd356a8f60e6f1cdc) C:\WINDOWS\GATHER.KM
    2011/09/12 12:44:17.0633 3404 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/09/12 12:44:20.0237 3404 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/09/12 12:44:21.0268 3404 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/09/12 12:44:22.0640 3404 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/09/12 12:44:24.0663 3404 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/09/12 12:44:26.0866 3404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/09/12 12:44:27.0687 3404 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/09/12 12:44:28.0599 3404 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/09/12 12:44:29.0640 3404 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/09/12 12:44:31.0332 3404 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
    2011/09/12 12:44:32.0464 3404 HSFHWICH (62003dbef083dc07e5399f44fb4e22bc) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
    2011/09/12 12:44:34.0968 3404 HSF_DP (f41cd40b94d91edf9443a527053ec549) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2011/09/12 12:44:36.0971 3404 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/09/12 12:44:37.0812 3404 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/09/12 12:44:38.0693 3404 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
    2011/09/12 12:44:39.0604 3404 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/12 12:44:40.0345 3404 ibmfilter (4dc41ab5aa3f96fa7f01587dd9ccf467) C:\WINDOWS\system32\drivers\ibmfilter.sys
    2011/09/12 12:44:41.0217 3404 IBMPMDRV (b9ad9ebe354af205277fdbfce5c5daec) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
    2011/09/12 12:44:42.0418 3404 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/09/12 12:44:43.0210 3404 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
    2011/09/12 12:44:44.0101 3404 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
    2011/09/12 12:44:44.0992 3404 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/09/12 12:44:46.0034 3404 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/09/12 12:44:47.0145 3404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/09/12 12:44:48.0036 3404 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/09/12 12:44:48.0818 3404 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/09/12 12:44:50.0029 3404 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/09/12 12:44:50.0901 3404 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    2011/09/12 12:44:52.0052 3404 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/09/12 12:44:53.0074 3404 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/09/12 12:44:54.0085 3404 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/09/12 12:44:54.0966 3404 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/09/12 12:44:56.0739 3404 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/09/12 12:44:59.0062 3404 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
    2011/09/12 12:45:00.0735 3404 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/09/12 12:45:01.0696 3404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/12 12:45:03.0008 3404 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/12 12:45:03.0769 3404 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/12 12:45:04.0540 3404 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/12 12:45:05.0742 3404 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/12 12:45:06.0683 3404 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
    2011/09/12 12:45:07.0494 3404 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/12 12:45:08.0726 3404 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/12 12:45:10.0309 3404 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/12 12:45:11.0080 3404 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/12 12:45:11.0991 3404 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/12 12:45:13.0042 3404 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/12 12:45:14.0174 3404 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/12 12:45:15.0236 3404 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/12 12:45:16.0337 3404 NAVENG (494c4ebfee40baaff49492b97abaf18c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090401.003\NAVENG.Sys
    2011/09/12 12:45:18.0190 3404 NAVEX15 (f4a95d6d20767a5f1f2b2fed261a1b23) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090401.003\NavEx15.Sys
    2011/09/12 12:45:20.0623 3404 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/12 12:45:21.0805 3404 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/12 12:45:22.0766 3404 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/12 12:45:23.0888 3404 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/12 12:45:24.0980 3404 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/12 12:45:25.0741 3404 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/12 12:45:26.0732 3404 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/12 12:45:27.0934 3404 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/09/12 12:45:29.0055 3404 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/12 12:45:30.0157 3404 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
    2011/09/12 12:45:32.0050 3404 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/12 12:45:33.0322 3404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/12 12:45:34.0283 3404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/12 12:45:35.0405 3404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/12 12:45:36.0186 3404 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    2011/09/12 12:45:37.0698 3404 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    2011/09/12 12:45:39.0721 3404 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    2011/09/12 12:45:40.0562 3404 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/09/12 12:45:41.0393 3404 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    2011/09/12 12:45:42.0274 3404 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/09/12 12:45:43.0426 3404 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/12 12:45:44.0187 3404 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/12 12:45:45.0239 3404 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/12 12:45:47.0051 3404 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/09/12 12:45:48.0323 3404 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/09/12 12:45:54.0452 3404 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
    2011/09/12 12:45:55.0854 3404 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
    2011/09/12 12:45:56.0825 3404 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
    2011/09/12 12:45:58.0288 3404 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/12 12:45:59.0409 3404 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/09/12 12:46:00.0671 3404 psadd (dc23b0d9a0282cb0d8281dbda431ac14) C:\WINDOWS\system32\Drivers\psadd.sys
    2011/09/12 12:46:01.0482 3404 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/12 12:46:02.0544 3404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/12 12:46:03.0655 3404 PxHelp20 (338a770f9ab04e5b2104d2d6e04cba2c) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    2011/09/12 12:46:05.0127 3404 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
    2011/09/12 12:46:06.0429 3404 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
    2011/09/12 12:46:07.0361 3404 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
    2011/09/12 12:46:08.0142 3404 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
    2011/09/12 12:46:09.0253 3404 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
    2011/09/12 12:46:10.0074 3404 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/12 12:46:10.0996 3404 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    2011/09/12 12:46:11.0797 3404 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/12 12:46:13.0049 3404 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/12 12:46:13.0860 3404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/12 12:46:14.0771 3404 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/12 12:46:15.0562 3404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/12 12:46:16.0223 3404 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/09/12 12:46:16.0864 3404 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/12 12:46:17.0335 3404 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/12 12:46:17.0946 3404 s24trans (49b4b6a0f04ef8578e9a3f2915a84ac9) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2011/09/12 12:46:18.0567 3404 S3SSavage (a94aa8161dd4711bc6f732f21d6407d6) C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
    2011/09/12 12:46:19.0358 3404 SAVRT (ac9d162f3dd155e6023aa5ac89f59780) C:\Program Files\Norton AntiVirus\SAVRT.SYS
    2011/09/12 12:46:20.0540 3404 SAVRTPEL (7bd636b57b7fd56c2c2ac9515f6b57d7) C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
    2011/09/12 12:46:21.0261 3404 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
    2011/09/12 12:46:21.0881 3404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/12 12:46:22.0643 3404 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/12 12:46:23.0414 3404 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/09/12 12:46:24.0445 3404 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/09/12 12:46:26.0778 3404 ShockMgr (482ddb9f0f6d88f0503910e1b9728042) C:\WINDOWS\system32\drivers\ShockMgr.sys
    2011/09/12 12:46:28.0601 3404 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
    2011/09/12 12:46:29.0392 3404 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
    2011/09/12 12:46:30.0774 3404 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
    2011/09/12 12:46:32.0016 3404 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
    2011/09/12 12:46:33.0538 3404 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/12 12:46:35.0030 3404 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/12 12:46:35.0882 3404 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/12 12:46:37.0564 3404 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/12 12:46:38.0015 3404 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/12 12:46:38.0956 3404 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
    2011/09/12 12:46:39.0547 3404 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
    2011/09/12 12:46:39.0807 3404 SymEvent (05d9613efe7809e384c10da26958dfa4) C:\Program Files\Symantec\SYMEVENT.SYS
    2011/09/12 12:46:40.0889 3404 SYMREDRV (f26e71125da173d57caba3457c5e48cf) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    2011/09/12 12:46:41.0960 3404 SYMTDI (23b6adbaa7026c53b5ef102e56750b13) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    2011/09/12 12:46:42.0761 3404 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
    2011/09/12 12:46:43.0472 3404 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
    2011/09/12 12:46:44.0444 3404 SynTP (9f21fcb5a5bbc7d730018f6b61f638cb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2011/09/12 12:46:45.0776 3404 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/12 12:46:47.0208 3404 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/12 12:46:48.0349 3404 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/12 12:46:49.0501 3404 TDSMAPI (139b4d397d51cf60d6585597b1cf2f51) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
    2011/09/12 12:46:51.0123 3404 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/12 12:46:52.0656 3404 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/12 12:46:53.0918 3404 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
    2011/09/12 12:46:55.0219 3404 TPHKDRV (a7c9656b3cac47a9f786aae88259d8b9) C:\WINDOWS\system32\drivers\TPHKDRV.sys
    2011/09/12 12:46:56.0361 3404 TPPWR (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
    2011/09/12 12:46:57.0322 3404 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
    2011/09/12 12:46:58.0624 3404 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
    2011/09/12 12:46:59.0916 3404 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/12 12:47:00.0988 3404 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
    2011/09/12 12:47:02.0290 3404 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/12 12:47:04.0072 3404 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/12 12:47:05.0134 3404 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/12 12:47:06.0065 3404 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/12 12:47:07.0126 3404 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/09/12 12:47:08.0478 3404 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/12 12:47:09.0890 3404 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
    2011/09/12 12:47:11.0162 3404 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
    2011/09/12 12:47:12.0484 3404 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/12 12:47:15.0078 3404 w22n51 (5bc494442773035da902ab30cdca11e7) C:\WINDOWS\system32\DRIVERS\w22n51.sys
    2011/09/12 12:47:17.0722 3404 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/12 12:47:19.0014 3404 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/12 12:47:19.0925 3404 winachsf (542a5f528a6cfebb4487b09538596d78) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/09/12 12:47:21.0727 3404 X4HSEx (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Free Ride Games\X4HSEx.Sys
    2011/09/12 12:47:22.0398 3404 MBR (0x1B8) (c467f8dcd238c384a4567fd8c4b00b37) \Device\Harddisk0\DR0
    2011/09/12 12:47:22.0849 3404 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR3
    2011/09/12 12:47:30.0921 3404 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR5
    2011/09/12 12:47:31.0592 3404 Boot (0x1200) (992ee8a1ca9526a7a438738650c14831) \Device\Harddisk0\DR0\Partition0
    2011/09/12 12:47:31.0662 3404 Boot (0x1200) (16034114c4c580025aa7db8569fab823) \Device\Harddisk1\DR3\Partition0
    2011/09/12 12:47:31.0722 3404 Boot (0x1200) (25a04e4776e690dc108d81ef733c9cc8) \Device\Harddisk2\DR5\Partition0
    2011/09/12 12:47:31.0732 3404 ================================================================================
    2011/09/12 12:47:31.0732 3404 Scan finished
    2011/09/12 12:47:31.0732 3404 ================================================================================
    2011/09/12 12:47:31.0762 3032 Detected object count: 0
    2011/09/12 12:47:31.0762 3032 Actual detected object count: 0
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Did you try to run Combofix from safe mode?
     
  13. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    Still can't get ComboFix to run to completion.

    Even when I run it in safe mode, I get the following message (in a window with the heading c:\: AutoScan) :-


    After a few days trying ComboFix has 'expired' and now asks me if I wish to run in reduced functionality, to which, if I click on Yes, the following message eventually appears on a window headed "C:\ ComboFix - Find3M" :-

    Preparing Log Report.

    Do not run any program until ComboFix has finished

    But it never gets any further.
    Incidentally, whenever ComboFix runs now the Desktop icons all disapear - I get then back by calling up Task manager and running explorer.exe...
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Delete your Combofix file, download fresh one and try again.
     
  15. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    Downloaded a fresh copy of ComboFix as instructed. But when run, ComboFix initialises, creates a restore point then moves on to AutoScan, but it never gets further than the point where the following messages are displayed :

    Scanning for infected files . . .
    This typically doesn't take more than 10 minutes
    However, scan times for badly infected machines mat easily double
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Well give it some more time.
     
  17. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    Was 5hrs long enough

    Let it run for nearly 5 hours, but ComboFix didn't produce it's log, was this a long enough time to leave it running?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    OTL txt (part1)

    OTL logfile created on: 9/28/2011 12:24:32 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.92 Mb Total Physical Memory | 251.73 Mb Available Physical Memory | 49.27% Memory free
    1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.93% Paging File free
    Paging file location(s): C:\pagefile.sys 765 765E:\pagefile.sys 512 512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 32.59 Gb Total Space | 9.81 Gb Free Space | 30.10% Space Free | Partition Type: NTFS
    Drive E: | 3.81 Gb Total Space | 1.95 Gb Free Space | 51.08% Space Free | Partition Type: FAT32

    Computer Name: IBM-46D4ED0739C | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/28 12:20:18 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    PRC - [2011/04/08 16:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
    PRC - [2010/07/18 12:54:40 | 001,774,080 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/03/09 12:48:22 | 000,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    PRC - [2006/03/09 12:47:58 | 000,255,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    PRC - [2006/03/09 12:47:52 | 000,071,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    PRC - [2004/10/02 10:03:52 | 000,122,950 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
    PRC - [2004/08/17 20:06:20 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    PRC - [2004/07/16 05:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2004/06/16 18:53:34 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2004/04/23 20:04:16 | 000,158,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
    PRC - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    PRC - [2004/03/19 20:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
    PRC - [2004/02/05 02:39:28 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    PRC - [2002/01/10 23:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/03/18 14:18:36 | 000,509,304 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\ExentCtl.ocx
    MOD - [2004/08/25 21:27:00 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
    MOD - [2004/08/17 20:06:20 | 000,225,280 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
    MOD - [2004/08/17 20:06:20 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    MOD - [2004/07/29 09:37:00 | 000,395,776 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL
    MOD - [2004/07/16 05:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    MOD - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    MOD - [2004/03/19 20:12:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll
    MOD - [2004/02/05 02:39:28 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    MOD - [2004/02/05 02:39:20 | 000,061,440 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\TpKmapHk.dll
    MOD - [2003/07/04 07:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (SeaPort)
    SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/06/26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
    SRV - [2011/04/08 16:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2006/03/09 12:48:22 | 000,235,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/03/09 12:48:08 | 000,087,712 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2006/03/09 12:47:58 | 000,255,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2005/01/26 06:48:50 | 000,194,272 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
    SRV - [2005/01/22 07:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2004/11/03 01:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
    SRV - [2004/10/02 10:04:40 | 000,286,787 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2004/10/02 10:03:52 | 000,122,950 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
    SRV - [2004/04/23 20:04:16 | 000,158,848 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE -- (navapsvc)
    SRV - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
    SRV - [2003/07/12 02:19:22 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2003/06/25 02:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2010/03/10 22:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
    DRV - [2009/03/16 09:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090401.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2009/03/16 09:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090401.003\NAVENG.SYS -- (NAVENG)
    DRV - [2008/09/23 00:19:38 | 000,013,312 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2005/01/26 06:48:52 | 000,305,288 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2005/01/26 06:48:52 | 000,037,000 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/01/22 07:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/01/22 07:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2004/09/24 01:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2004/08/30 01:26:58 | 003,151,232 | ---- | M] (IntelĀ® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
    DRV - [2004/08/25 21:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/08/04 06:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2004/07/29 09:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2004/07/29 09:36:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2004/07/29 09:36:00 | 000,009,341 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2004/07/22 23:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/07/22 23:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/07/22 23:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/07/15 10:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2004/06/02 12:45:08 | 000,011,258 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2003/11/21 19:07:52 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2001/11/01 11:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
    DRV - [2001/08/18 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2001/08/18 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2001/08/17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
    DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80139&lng=en
    IE - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    IE - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

    [2010/10/15 21:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
    CHR - Extension: Poppit = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2011/09/05 13:02:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (Trellian BHO Impl) - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll (ToolbarBrowser.com)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
    O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
    O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\bfgbartb\BfgBarDx.dll ()
    O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\prxtbiWin.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll File not found
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFre2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (Trellian &Toolbar) - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll (ToolbarBrowser.com)
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll File not found
    O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\bfgbartb\BfgBarDx.dll ()
    O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\prxtbiWin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFre2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..\Toolbar\WebBrowser: (Trellian &Toolbar) - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll (ToolbarBrowser.com)
    O3 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\prxtbiWin.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\prxtbFre2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
    O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h File not found
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
    O4 - HKLM..\Run: [UC_SMB] File not found
    O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
    O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Millionaire%20Manor%20-%20The%20Hidden%20Object%20Show/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://www.gamehouse.com/games/NightshiftJaguarsEye.cab (CPlayFirstNightshiftControl Object)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://www.freeridegames.com/online-games/webgames/locations/Dream-Chronicles/dreamweb.1.0.0.10.cab (CPlayFirstdreamControl Object)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://www.gamehouse.com/games/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/17 21:34:32 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/03/12 11:40:04 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/28 12:23:06 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/09/27 13:27:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/09/27 13:22:53 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/09/21 17:50:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/09/21 17:50:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/21 17:50:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/09/21 17:50:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/09/21 17:49:28 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2011/09/12 12:42:12 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Desktop\tdsskiller.exe
    [2011/09/09 15:55:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/04/04 21:03:46 | 001,421,312 | ---- | C] (GameHouse, Inc) -- C:\Program Files\LittleShopRoadTrip.exe
    [2008/09/22 21:59:27 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/28 12:29:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2011/09/28 12:20:18 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/09/28 11:11:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/28 09:27:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{543E4E5F-07B9-4CAD-842E-E1A656BADACE}.job
    [2011/09/28 09:24:24 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/28 09:24:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/28 09:24:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/28 09:24:02 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/21 17:48:44 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2011/09/12 12:25:50 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Desktop\tdsskiller.exe
    [2011/09/05 13:02:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/01 17:33:30 | 000,000,300 | RHS- | M] () -- C:\BOOT.INI
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/28 09:24:02 | 535,810,048 | -HS- | C] () -- C:\hiberfil.sys
    [2011/09/21 17:50:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/21 17:50:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/21 17:50:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/09/21 17:50:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/09/21 17:50:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/09/01 17:29:18 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/07/18 15:07:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
    [2011/04/04 21:03:50 | 048,345,761 | ---- | C] () -- C:\Program Files\Stash4.bin
    [2011/03/29 00:22:07 | 000,003,710 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\slot1.mm1
    [2011/03/04 16:49:05 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\user.ini
    [2011/02/27 19:27:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2011/02/20 17:02:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/01/28 21:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2011/01/28 21:09:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/11/02 00:11:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
    [2009/02/17 21:57:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/09/23 00:28:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/09/23 00:27:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
    [2008/09/23 00:26:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2008/09/23 00:25:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2008/09/23 00:25:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2008/09/23 00:20:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
    [2008/09/23 00:20:07 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
    [2008/09/23 00:02:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
    [2008/09/23 00:01:27 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2008/09/22 23:59:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
    [2008/09/22 22:35:42 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/09/22 21:59:27 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2008/09/22 21:59:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/10/02 10:12:56 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
    [2004/10/02 10:05:18 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
    [2004/08/02 22:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/03/19 20:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
    [2004/03/19 20:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
    [2004/01/09 14:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
    [2003/10/16 14:57:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2003/10/16 14:57:04 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2003/02/21 17:36:47 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/02/21 17:34:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/02/21 17:26:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/02/21 17:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/02/21 17:18:36 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/02/03 13:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/01/10 02:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
    [2001/08/23 15:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2001/08/23 15:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [1980/01/01 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [1980/01/01 08:00:00 | 000,315,076 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [1980/01/01 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [1980/01/01 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [1980/01/01 08:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [1980/01/01 08:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
    [1980/01/01 08:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [1980/01/01 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [1980/01/01 08:00:00 | 000,041,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [1980/01/01 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [1980/01/01 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [1980/01/01 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/05/06 14:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
    [2011/05/19 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software Publishing Ltd
    [2011/06/04 21:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2011/02/14 15:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
    [2011/01/20 00:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
    [2011/06/04 21:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DragonsEye Studios
    [2011/06/19 19:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2011/03/01 18:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
    [2011/02/23 21:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2011/05/13 16:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
    [2011/03/27 18:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
    [2011/05/20 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
    [2011/05/20 20:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
    [2011/01/09 17:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
    [2010/11/03 01:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
    [2011/01/19 22:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
    [2011/02/20 23:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2011/02/21 18:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2011/06/26 13:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2011/05/24 23:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
    [2011/05/06 16:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2011/03/31 20:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2011/06/26 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2011/03/08 23:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    [2011/03/22 23:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
    [2010/10/15 21:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2011/01/28 21:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2011/05/16 19:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PuzzlesByJoe
    [2011/01/11 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
    [2011/03/05 00:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
    [2011/02/18 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2011/02/20 20:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
    [2011/07/02 01:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/06/13 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
    [2011/03/21 21:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2011/05/12 18:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Application Data
    [2011/05/04 21:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Artogon
    [2011/05/05 21:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Awem
    [2011/03/04 16:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\bfgbartb
    [2011/02/22 21:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BloodTies
    [2011/03/31 23:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boolat Games
    [2011/05/20 20:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boomzap
    [2011/02/17 13:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BrokenHearts
    [2011/02/14 15:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Casual Arts
    [2011/03/12 20:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CursedOnboard
    [2011/04/26 21:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dekovir
    [2011/06/04 21:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DragonsEye Studios
    [2011/05/21 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EleFun Games
    [2011/03/11 19:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ERS Game Studios
    [2011/05/02 23:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Flood Light Games
    [2011/01/12 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FreezeTag
    [2010/11/06 21:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Friday's games
    [2011/01/03 21:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\G-HeadGames
    [2011/05/20 20:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameInvest
    [2011/02/11 22:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameMill Entertainment
    [2011/05/13 16:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gamers Digital
    [2011/05/03 01:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gold Casual Games
    [2011/05/16 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HdO Adventure
    [2011/05/13 22:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Home Sweet Home Christmas
    [2009/02/20 05:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IBM
    [2011/05/17 21:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iMaxGen
    [2011/05/15 21:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Inbox Toolbar
    [2011/02/20 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
    [2010/11/03 01:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iWin
    [2011/03/31 20:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jetdogs Studios
    [2011/03/23 20:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Magic Academy 2
    [2011/02/12 22:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Meridian93
    [2011/06/26 13:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Merscom
    [2011/03/10 17:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mystery of Mortlake Mansion
    [2011/06/17 17:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Namco
    [2011/03/31 20:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oberon Media
    [2011/01/24 20:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oberonv1001
    [2011/01/21 23:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oberonv1002
    [2011/03/09 21:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PeaceCraft2
    [2011/06/26 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
    [2011/03/22 23:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PoBros
    [2011/01/28 21:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PopCapv1004
    [2011/04/26 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\report
    [2011/05/13 20:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RobinsonCrusoeIW
    [2011/04/01 21:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SecretIslandEng
    [2011/04/30 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spark Plug Games
    [2011/01/21 21:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop
    [2011/05/13 19:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop Games
    [2011/06/21 16:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SprillRichiEng
    [2011/06/13 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Inquisitor
    [2011/03/22 02:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TheScruffs
    [2011/04/01 21:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Total Eclipse
    [2011/01/24 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\V-Games
    [2011/02/27 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Virtual Prophecy
    [2011/03/25 00:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vogat Interactive
    [2011/02/09 21:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WhiteBirdsProductions
    [2011/01/26 18:27:59 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
    [2011/09/28 09:27:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{543E4E5F-07B9-4CAD-842E-E1A656BADACE}.job

    ========== Purity Check ==========
     
  20. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    OTL Txt (part 2)

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/02/17 21:34:32 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2011/08/27 17:42:31 | 000,000,184 | ---- | M] () -- C:\Boot.bak
    [2011/09/01 17:33:30 | 000,000,300 | RHS- | M] () -- C:\BOOT.INI
    [2008/09/23 00:06:04 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2008/09/23 00:29:38 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2003/02/21 17:11:18 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2008/09/23 00:27:10 | 000,000,355 | ---- | M] () -- C:\ccrrec.ver
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2009/02/17 21:34:32 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2008/09/23 00:11:08 | 000,001,218 | ---- | M] () -- C:\drivez.log
    [2010/03/03 21:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
    [2011/09/28 09:24:02 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
    [2009/02/17 21:34:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/09/23 00:09:20 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
    [2011/02/24 21:33:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/22 23:42:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/02/18 20:29:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/09/28 09:23:54 | 803,610,624 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/10 12:46:49 | 000,062,573 | ---- | M] () -- C:\rescue-system_scan.log
    [2011/09/13 16:50:00 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2011/09/05 14:45:39 | 000,000,403 | ---- | M] () -- C:\rkill_20110905_1445.txt
    [2008/09/22 22:35:42 | 000,001,563 | ---- | M] () -- C:\SYSLEVEL.IBM
    [2008/09/22 22:33:44 | 000,000,043 | ---- | M] () -- C:\TCPACHIP.LOG
    [2011/09/12 12:58:27 | 000,054,684 | ---- | M] () -- C:\TDSSKiller.2.5.21.0_12.09.2011_12.42.32_log.txt
    [2011/09/13 10:26:01 | 000,054,286 | ---- | M] () -- C:\TDSSKiller.2.5.21.0_13.09.2011_09.59.19_log.txt
    [2011/09/13 12:03:34 | 000,054,300 | ---- | M] () -- C:\TDSSKiller.2.5.21.0_13.09.2011_11.39.02_log.txt
    [2011/09/13 15:12:44 | 000,054,286 | ---- | M] () -- C:\TDSSKiller.2.5.21.0_13.09.2011_15.09.43_log.txt
    [2011/09/13 16:48:28 | 000,056,046 | ---- | M] () -- C:\TDSSKiller.2.5.21.0_13.09.2011_16.46.23_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/02/21 17:29:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2003/07/16 00:35:04 | 000,002,193 | ---- | M] () -- C:\WINDOWS\system32\TpShPrm.jpg
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\*.jpg >
    [2002/10/10 21:07:40 | 000,055,408 | ---- | M] () -- C:\WINDOWS\1024 x 768 IBM Americas Map.jpg
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/08/27 17:31:20 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/08/05 14:43:32 | 001,421,312 | ---- | M] (GameHouse, Inc) -- C:\Program Files\LittleShopRoadTrip.exe
    [2009/08/04 16:11:50 | 000,002,445 | ---- | M] () -- C:\Program Files\readme.txt
    [2008/07/29 08:53:56 | 048,345,761 | ---- | M] () -- C:\Program Files\Stash4.bin

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/02/21 17:18:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2003/02/21 17:18:08 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2003/02/21 17:18:08 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/18 20:38:44 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/02/18 20:50:58 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/02/21 17:35:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/21 17:48:44 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2011/09/28 12:20:18 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2009/02/26 17:41:39 | 004,576,296 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\OutlookConnector.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/02/18 20:50:59 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\User\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/09/28 09:24:21 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\User\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 01:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 20:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 20:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 20:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/21 04:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/21 04:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/21 04:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 20:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 19:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >
     
  21. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    OTL rxr (part 3)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9BA8D0
    @Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56EE2CAF
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4790A691
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C498
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93DCF15
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DCFAD3B
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24386795
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDCFE2F8
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C6AAAB
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85198B11
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9515506
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:558F88ED
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B310C233
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8459971E
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD7D9B9F
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:988216DA
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:685F5579
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679E30C6
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5311B0B8
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:047BD65A
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91C1B95D
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A72132CC
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C5315B5
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE459A42
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9BA72C4
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B501211D
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39038693
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F216755A
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3678540D
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9656460
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7961507B
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04FDFCF6
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C602FACB
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E158DDD
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22AF5FED
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF258AD5
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98B604F
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80BD5645
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2D1995
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F09BC2E
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BFE8B22
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F585E6E5
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6E6C4EA
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:927EC486
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C8DBFC0
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:872B86AD
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52C5F022
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47771716
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:431DB5FA
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D563DFD3
     
  22. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    OTL txt (part 4)

    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5241382
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B9B0020
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E7F155B
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94ABF
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C92A6B45
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63306D48
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:202CF111
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A292A9
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E10DCAF3
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE07EBE7
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4CB577E
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6837B088
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67B858FB
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEE3A701
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99A77513
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FDDA142
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E894A3ED
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD9D80A
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8761AAB
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F11720
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD3264B
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:678F890D
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35F18773
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1880E7FA
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1CD4718
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0BB00BB
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB8B6B1E
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A492E5EC
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A88719
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DCEE0D
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A57500CB
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D3CAFDD
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6348AC97
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B2128F2
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20767002
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AAC7FB
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B389835
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDA2D0EB
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9339169
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AA6556C
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F38F234
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33592E3
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:178D4338
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2EDE671
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACECBBFF
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FB23746
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDCA157D
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C72DC93
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AC9B4B7
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E69E337
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55EFEB27
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5BB3BCF

    < End of report >
     
  23. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    OTL Extras txt

    OTL Extras logfile created on: 9/28/2011 12:24:32 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.92 Mb Total Physical Memory | 251.73 Mb Available Physical Memory | 49.27% Memory free
    1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.93% Paging File free
    Paging file location(s): C:\pagefile.sys 765 765E:\pagefile.sys 512 512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 32.59 Gb Total Space | 9.81 Gb Free Space | 30.10% Space Free | Partition Type: NTFS
    Drive E: | 3.81 Gb Total Space | 1.95 Gb Free Space | 51.08% Space Free | Partition Type: FAT32

    Computer Name: IBM-46D4ED0739C | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-881541761-2169257238-1982976862-1006\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Documents and Settings\User\My Documents\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Documents and Settings\User\My Documents\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
    "{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
    "{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
    "{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{260FCE8D-30DB-48D6-A39F-FFC720EC288B}" = Liong
    "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
    "{56373057-E823-4DDE-98C3-E89AEF7895B8}" = Intel(R) Sebring API
    "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
    "{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
    "{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113069720}" = Mystery PI
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119073360}" = Mystery Cruise
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
    "{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004
    "{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
    "{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
    "{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
    "{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
    "{FE8F0B54-1850-4DFB-B470-52E11FF2BB88}" = Little Shop - Road Trip
    "09e745e192b1bd30f406563d8e6cb8d1" = The Magician's Handbook II - BlackLore
    "46f2343062b496d53f5424fe1e0c7242" = Mystery P.I.(TM) - The New York Fortune
    "4fe021e056f0f8d7349c06fae15b6c23" = Vacation Quest(TM) - The Hawaiian Islands
    "895b368283e08c4d00ecbc2058052ff6" = The Scruffs
    "All ATI Software" = ATI - Software Uninstall Utility
    "am-antiqueroadtripusa" = Zuma's Revenge!(TM) - Adventure
    "am-hidesecretcliffhangercastle" = Hide & Secret - Cliffhanger Castle
    "am-makingmrright" = Making Mr. Right
    "am-mysterypithelotteryticket" = Mystery P.I. - The Lottery Ticket
    "am-mysteryville" = Mysteryville
    "am-nataliebrookssecretsoftreasurehouse" = Natalie Brooks - Secrets of Treasure House
    "am-theclockworkmanthehiddenworld" = The Clockwork Man - The Hidden World
    "am-weddingsalon" = Wedding Salon
    "Antique Road Trip 2: Homecoming" = Antique Road Trip 2: Homecoming (remove only)
    "Antiques Roadshow" = Antiques Roadshow (remove only)
    "ATI Display Driver" = ATI Display Driver
    "bfgbartb" = Toolbar - Big Fish Games
    "BFGC" = Big Fish Games: Game Manager
    "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
    "conduitEngine" = Conduit Engine
    "CToolbar_UNINSTALL" = Crawler Toolbar
    "Dr. Lynch: Grave Secrets" = Dr. Lynch: Grave Secrets (remove only)
    "EasyEject Utility" = IBM ThinkPad EasyEject Utility
    "Elizabeth Find MD Season 2" = Elizabeth Find MD Season 2 (remove only)
    "exent_539150" = Fairy Jewels
    "exent_554950" = The Magicians Handbook - Cursed Valley
    "exent_574650" = Great Secrets Da Vinci
    "exent_609450" = Samantha Swift and the Hidden Roses of Athena
    "exent_616750" = Holly: A Christmas Tale Deluxe
    "exent_619950" = Nightshift Legacy - The Jaguar's eye
    "exent_623250" = PJ Pride Pet Detective Destination Europe
    "exent_624550" = The Mysterious City - Cairo
    "exent_635550" = Mystery of Unicorn Castle
    "exent_642150" = Pahelika - Secret Legends
    "exent_648050" = Mysterious City - Vegas
    "exent_661450" = Masters of Mystery - Blood of Betrayal
    "exent_683050" = It's All About Masks
    "exent_690850" = Mystic Gallery
    "exent_695650" = Little Shop - Memories
    "exent_703350" = The Legend of El Dorado
    "fd36355d88642e675da02ce3398cfffb" = The Treasures of Mystery Island
    "Free_Ride_Games Toolbar" = Free Ride Games Toolbar
    "Hidden Magic" = Hidden Magic (remove only)
    "Hidden Object Studios: I'll Believe You -- Special Edition" = Hidden Object Studios: I'll Believe You -- Special Edition (remove only)
    "ie8" = Windows Internet Explorer 8
    "iWin Toolbar" = iWin Toolbar
    "iWinArcade" = iWin Games (remove only)
    "Jewelry Secret: Mystery Stones" = Jewelry Secret: Mystery Stones (remove only)
    "Little Shop: Memories" = Little Shop: Memories (remove only)
    "LiveReg" = LiveReg (Symantec Corporation)
    "LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
    "Magician's Handbook 2: Blacklore" = Magician's Handbook 2: Blacklore (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries - The Edgar Allan Poe Conspiracy
    "Mysterious City: Cairo" = Mysterious City: Cairo (remove only)
    "Mysterious City: Vegas" = Mysterious City: Vegas (remove only)
    "Mysteryville" = Mysteryville (remove only)
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = IBM ThinkPad Power Management Driver
    "Presentation Director" = IBM ThinkPad Presentation Director
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Pure Hidden" = Pure Hidden (remove only)
    "Route 66" = Route 66 (remove only)
    "Samantha Swift and the Golden Touch" = Samantha Swift and the Golden Touch
    "Samantha Swift and the Hidden Roses of Athena" = Samantha Swift and the Hidden Roses of Athena
    "Samantha Swift and the Mystery From Atlantis" = Samantha Swift and the Mystery From Atlantis
    "Sprill & Ritchies Adventures In Time" = Sprill & Ritchies Adventures In Time (remove only)
    "Superior Save" = Superior Save (remove only)
    "SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)
    "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
    "The Mysterious City: Golden Prague" = The Mysterious City: Golden Prague (remove only)
    "ThinkPad Configuration" = IBM ThinkPad Configuration
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = ThinkPad Software Installer
    "ToolbarBrowser_is1" = ToolbarBrowser v2.4
    "Vegas Penny Slots Pack" = Vegas Penny Slots Pack (remove only)
    "VLC media player" = VLC media player 1.1.5
    "Web Games Player Plugin" = Web Games Player Plugin
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Wisegal" = Wisegal (remove only)
    "Wolfgang Holbeins: The Inquisitor" = Wolfgang Holbeins: The Inquisitor (remove only)
    "Zylom Games Player Plugin" = Zylom Games Player Plugin

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-881541761-2169257238-1982976862-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/11/2011 7:44:13 PM | Computer Name = IBM-46D4ED0739C | Source = ESENT | ID = 489
    Description = wuauclt (928) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 8/11/2011 7:44:13 PM | Computer Name = IBM-46D4ED0739C | Source = ESENT | ID = 455
    Description = wuaueng.dll (928) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
    while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 9/5/2011 7:56:23 AM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d1c0.

    Error - 9/9/2011 7:40:22 AM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application qconsole.exe, version 10.0.10.13, faulting module
    ecmsvr32.dll, version 81.3.0.13, fault address 0x00008b3c.

    Error - 9/9/2011 2:03:53 PM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
    msmsgs.exe, version 4.7.0.3001, fault address 0x00047a49.

    Error - 9/13/2011 6:38:59 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/13/2011 6:38:59 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 9/13/2011 11:46:05 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/13/2011 11:46:05 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 9/21/2011 4:51:09 AM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x000ccfee.

    [ Application Events ]
    Error - 8/11/2011 7:44:13 PM | Computer Name = IBM-46D4ED0739C | Source = ESENT | ID = 489
    Description = wuauclt (928) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 8/11/2011 7:44:13 PM | Computer Name = IBM-46D4ED0739C | Source = ESENT | ID = 455
    Description = wuaueng.dll (928) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
    while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 9/5/2011 7:56:23 AM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d1c0.

    Error - 9/9/2011 7:40:22 AM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application qconsole.exe, version 10.0.10.13, faulting module
    ecmsvr32.dll, version 81.3.0.13, fault address 0x00008b3c.

    Error - 9/9/2011 2:03:53 PM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
    msmsgs.exe, version 4.7.0.3001, fault address 0x00047a49.

    Error - 9/13/2011 6:38:59 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/13/2011 6:38:59 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 9/13/2011 11:46:05 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/13/2011 11:46:05 AM | Computer Name = IBM-46D4ED0739C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 9/21/2011 4:51:09 AM | Computer Name = IBM-46D4ED0739C | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x000ccfee.

    [ System Events ]
    Error - 9/26/2011 6:18:10 PM | Computer Name = IBM-46D4ED0739C | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x8007006e: Update for Microsoft Office 2003 (KB949074).

    Error - 9/27/2011 8:21:38 AM | Computer Name = IBM-46D4ED0739C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 9/27/2011 8:21:39 AM | Computer Name = IBM-46D4ED0739C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/27/2011 8:22:17 AM | Computer Name = IBM-46D4ED0739C | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBT service which failed
    to start because of the following error: %%31

    Error - 9/27/2011 8:22:17 AM | Computer Name = IBM-46D4ED0739C | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 9/27/2011 8:22:17 AM | Computer Name = IBM-46D4ED0739C | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 9/27/2011 8:22:17 AM | Computer Name = IBM-46D4ED0739C | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 9/27/2011 8:22:17 AM | Computer Name = IBM-46D4ED0739C | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL ShockMgr Smapint SYMTDI
    Tcpip
    TDSMAPI
    TPHKDRV
    TPPWR
    TSMAPIP

    Error - 9/28/2011 4:24:23 AM | Computer Name = IBM-46D4ED0739C | Source = PSched | ID = 14103
    Description = QoS [Adapter {082445D2-37B2-4AED-9AD9-1F1651F1EC38}]: The netcard driver
    failed the query for OID_GEN_LINK_SPEED.

    Error - 9/28/2011 4:28:21 AM | Computer Name = IBM-46D4ED0739C | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x8007006e: Update for Microsoft Office 2003 (KB949074).


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You can safely uninstall McAfee Security Scan, typical foistware.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
      SRV - [2011/06/26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearc h.com: C:\Program Files\MyWebSearch\bar\1.bin
      CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
      O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll File not found
      O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll File not found
      O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h File not found
      O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
      O15 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..Trusted Domains: ([]msn in My Computer)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9BA8D0
      @Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
      @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56EE2CAF
      @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4790A691
      @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C498
      @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93DCF15
      @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DCFAD3B
      @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24386795
      @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDCFE2F8
      @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C6AAAB
      @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
      @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85198B11
      @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9515506
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
      @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
      @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:558F88ED
      @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B310C233
      @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8459971E
      @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD7D9B9F
      @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:988216DA
      @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:685F5579
      @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679E30C6
      @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5311B0B8
      @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:047BD65A
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91C1B95D
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A
      @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
      @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A72132CC
      @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C5315B5
      @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE459A42
      @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9BA72C4
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B501211D
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39038693
      @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F216755A
      @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3678540D
      @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9656460
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7961507B
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04FDFCF6
      @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
      @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C602FACB
      @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E
      @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
      @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
      @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E158DDD
      @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22AF5FED
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF258AD5
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98B604F
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80BD5645
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2D1995
      @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F09BC2E
      @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BFE8B22
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F585E6E5
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6E6C4EA
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:927EC486
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C8DBFC0
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:872B86AD
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52C5F022
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47771716
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:431DB5FA
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D563DFD3 
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5241382
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B9B0020
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E7F155B
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94ABF
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C92A6B45
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63306D48
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:202CF111
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A292A9
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E10DCAF3
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE07EBE7
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4CB577E
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6837B088
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67B858FB
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEE3A701
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99A77513
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FDDA142
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E894A3ED
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD9D80A
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8761AAB
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F11720
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD3264B
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:678F890D
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35F18773
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1880E7FA
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1CD4718
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0BB00BB
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB8B6B1E
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A492E5EC
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A88719
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DCEE0D
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A57500CB
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D3CAFDD
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6348AC97
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B2128F2
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20767002
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AAC7FB
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B389835
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDA2D0EB
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9339169
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AA6556C
      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F38F234
      @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33592E3
      @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:178D4338
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2EDE671
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACECBBFF
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FB23746
      @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDCA157D
      @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C72DC93
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AC9B4B7
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E69E337
      @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
      @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55EFEB27
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE
      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
      @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF
      @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5BB3BCF
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\MyWebSearch
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  25. poshgerm

    poshgerm TS Rookie Topic Starter Posts: 23

    OTL Fixes - 09282011_174152.log (part 1)

    :OTL
    DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    SRV - [2011/06/26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearc h.com: C:\Program Files\MyWebSearch\bar\1.bin
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
    O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll File not found
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll File not found
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h File not found
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
    O15 - HKU\S-1-5-21-881541761-2169257238-1982976862-1006\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9BA8D0
    @Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56EE2CAF
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4790A691
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C498
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93DCF15
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DCFAD3B
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24386795
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDCFE2F8
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C6AAAB
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85198B11
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9515506
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:558F88ED
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B310C233
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8459971E
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD7D9B9F
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:988216DA
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:685F5579
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679E30C6
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5311B0B8
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:047BD65A
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91C1B95D
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0441DB7A
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A72132CC
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C5315B5
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE459A42
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9BA72C4
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B501211D
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39038693
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F216755A
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3678540D
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9656460
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7961507B
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04FDFCF6
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C602FACB
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E158DDD
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22AF5FED
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF258AD5
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98B604F
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80BD5645
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2D1995
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F09BC2E
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BFE8B22
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F585E6E5
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6E6C4EA
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:927EC486
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C8DBFC0
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:872B86AD
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52C5F022
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47771716
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:431DB5FA
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D563DFD3
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...