Inactive Post virus cleanup. Google Redirect + iexplorer.exe/background adds

K

Kitaru

Posts: 14   +0
Was able to clean up most of a variant of Windows restore / windows repair malware. Unfortunately some problems I'm stumped to solve.

Problem started off with the typical hard drive has failed error. When i realized that my files were invisible instead of gone, I attempted a (failed) system restore. S&D / MBAM / AVG and combo fix cleared up those issues.

Current Issues had:
Search Engine redirects
iexplorer.exe multiple processes, restores self after termination.
Audio advertisements, linked to iexplorer, without a window to accompany.
Messengers fail to load fully.
Slow response/load time from primary browser (firefox)

Your requested logs are posted; I also have access to OTL and Hijackthis logs as well.

Logs go as follows:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7680

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2011 8:16:21 PM
mbam-log-2011-09-08 (20-16-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 345259
Time elapsed: 1 hour(s), 40 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





-------------------------




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-08 20:41:33
Windows 5.1.2600 Service Pack 3
Running: 8psj55qf.exe; Driver: C:\DOCUME~1\MITCHE~1\LOCALS~1\Temp\pxtdqpob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x17 0x45 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x0C 0x07 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xF9 0xC2 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8B 0x4D 0xDC 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9E 0xD6 0xBC 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0xF2 0x55 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0x34 0x08 0xD0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD0 0x1E 0xCE 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x7E 0x0B 0x8C 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1952241418
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1837147711
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x0C 0x07 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xF9 0xC2 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8B 0x4D 0xDC 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9E 0xD6 0xBC 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0xF2 0x55 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0xD2 0x40 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x17 0x86 0x3B 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x22 0xF8 0x35 0xF2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x0C 0x07 0xFE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xF9 0xC2 0x5A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8B 0x4D 0xDC 0x4C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9E 0xD6 0xBC 0x6E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0xF2 0x55 0xF7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0xD2 0x40 0x68 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x17 0x86 0x3B 0x15 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x22 0xF8 0x35 0xF2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\FFPolicyB 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\FFRoot 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\FFRootB 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\FPlugins 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\FPluginsB 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\svclist.dat 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\temp00 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\temp04 0 bytes
File C:\Documents and Settings\Mitchell Bonney\Local Settings\temp\nsg94.tmp\temp05 0 bytes

---- EOF - GMER 1.0.15 ----



----------------------------------------




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Run by Mitchell Bonney at 18:24:20 on 2011-09-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1152 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Mitchell Bonney\Desktop\8psj55qf.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim2\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab53984.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.gamengame.com/KALogoutComponent.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53852.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{6B354A92-848A-4D62-AA00-4FBF5ABC46AA} : DhcpNameServer = 192.168.15.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.


-------------------------------



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2005 6:26:13 PM
System Uptime: 9/8/2011 4:10:09 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 293 GiB total, 95.036 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ATI High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&71D9B23&0&0001
Manufacturer: ATI Technologies Inc.
Name: ATI High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&71D9B23&0&0001
Service: AtiHDAudioService
.
==== System Restore Points ===================
.
RP2: 5/31/2010 10:34:16 PM - Installed League of Legends
RP3: 6/1/2010 4:40:47 PM - Advanced SystemCare RestorePoint
RP4: 6/1/2010 4:53:49 PM - Removed RollerCoaster Tycoon® 3
RP5: 6/1/2010 5:02:45 PM - Removed WonderKing.
RP6: 6/3/2010 1:57:04 PM - Installed AVG 9.0
RP7: 6/3/2010 2:01:41 PM - Installed AVG 9.0
RP8: 6/3/2010 2:04:00 PM - Removed AVG Free 8.5
RP9: 6/3/2010 2:04:44 PM - Installed AVG Free 8.5
RP10: 6/3/2010 2:12:34 PM - Installed AVG 9.0
RP11: 6/3/2010 2:18:01 PM - Installed AVG 9.0
RP12: 6/3/2010 2:22:37 PM - Installed AVG 9.0
RP13: 6/4/2010 3:41:27 PM - Avg Update
RP14: 6/5/2010 4:03:12 PM - Software Distribution Service 3.0
RP15: 6/12/2010 3:00:18 AM - Software Distribution Service 3.0
RP16: 6/15/2010 3:13:42 PM - System Checkpoint
RP17: 6/18/2010 4:18:25 PM - System Checkpoint
RP18: 6/20/2010 4:06:18 PM - System Checkpoint
RP19: 6/21/2010 3:40:15 PM - Avg Update
RP20: 6/21/2010 3:43:06 PM - Avg Update
RP21: 6/22/2010 6:25:48 PM - System Checkpoint
RP22: 6/24/2010 4:07:50 PM - Software Distribution Service 3.0
RP23: 6/26/2010 10:29:36 PM - System Checkpoint
RP24: 6/28/2010 3:32:08 PM - Avg Update
RP25: 6/28/2010 3:33:11 PM - Avg Update
RP26: 7/1/2010 8:12:16 PM - System Checkpoint
RP27: 7/4/2010 12:07:40 AM - System Checkpoint
RP28: 7/5/2010 10:27:32 AM - System Checkpoint
RP29: 7/13/2010 12:25:55 PM - System Checkpoint
RP30: 7/15/2010 8:16:44 AM - Software Distribution Service 3.0
RP31: 7/18/2010 11:10:20 PM - System Checkpoint
RP32: 7/21/2010 10:04:11 PM - System Checkpoint
RP33: 7/25/2010 7:12:41 PM - System Checkpoint
RP34: 7/25/2010 9:45:50 PM - Installed Steam
RP35: 7/28/2010 9:10:18 PM - Software Distribution Service 3.0
RP36: 8/2/2010 11:48:28 PM - System Checkpoint
RP37: 8/3/2010 12:49:05 AM - Software Distribution Service 3.0
RP38: 8/11/2010 6:02:59 PM - System Checkpoint
RP39: 8/13/2010 1:00:06 PM - Software Distribution Service 3.0
RP40: 8/15/2010 9:11:14 PM - Software Distribution Service 3.0
RP41: 8/21/2010 3:42:27 AM - Installed Java(TM) 6 Update 16
RP42: 8/25/2010 12:09:52 PM - Installed Windows Media Player Firefox Plugin
RP43: 8/27/2010 9:20:00 PM - System Checkpoint
RP44: 8/28/2010 9:17:14 PM - Restore Operation
RP45: 8/29/2010 11:43:32 AM - Restore Operation
RP46: 9/10/2010 12:12:24 PM - Removed Apple Application Support
RP47: 9/10/2010 4:06:43 PM - Installed League of Legends
RP48: 9/10/2010 4:09:53 PM - Configured League of Legends
RP49: 9/10/2010 4:10:18 PM - Removed League of Legends
RP50: 9/10/2010 4:11:45 PM - Installed League of Legends
RP51: 9/11/2010 6:02:14 PM - Removed AVG Free 9.0
RP52: 9/13/2010 1:09:26 PM - Removed WordPerfect Office 12
RP53: 9/15/2010 2:03:42 PM - Removed Sonic DLA
RP54: 9/15/2010 2:04:05 PM - Removed Sonic Update Manager
RP55: 9/15/2010 5:54:39 PM - Rollback to an unsigned driver
RP56: 9/15/2010 6:05:59 PM - Installed Creative AudioHQ
RP57: 9/15/2010 6:11:35 PM - Restore Operation
RP58: 9/18/2010 2:57:54 PM - Restore Operation
RP59: 10/8/2010 2:21:42 PM - Installed Java(TM) 6 Update 16
RP60: 10/10/2010 1:47:11 PM - Removed QuickTime
RP61: 11/14/2010 10:15:22 AM - Restore Operation
RP62: 11/14/2010 11:29:30 AM - Restore Operation
RP63: 12/16/2010 12:35:04 PM - Installed QuickTime
RP64: 12/19/2010 3:18:10 PM - Installed NETGEAR WPN311 Wireless Adapter
RP65: 1/2/2011 3:00:30 AM - Software Distribution Service 3.0
RP66: 1/3/2011 9:07:19 AM - Software Distribution Service 3.0
RP67: 1/4/2011 11:03:40 AM - Software Distribution Service 3.0
RP68: 3/8/2011 1:36:57 AM - Installed WinZip 15.0
RP69: 3/10/2011 8:52:50 PM - Removed ATI Catalyst Control Center
RP70: 3/10/2011 9:15:49 PM - Removed ATI Catalyst Control Center
RP71: 3/10/2011 10:01:29 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP72: 3/10/2011 10:12:49 PM - Installed Catalyst Control Center InstallProxy
RP73: 3/10/2011 11:39:58 PM - Installed DirectX
RP74: 3/11/2011 12:46:09 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP75: 3/11/2011 12:47:03 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP76: 3/13/2011 1:53:49 PM - Configured NETGEAR WPN311 Wireless Adapter
RP77: 3/13/2011 2:16:56 PM - Installed Oblivion
RP78: 3/13/2011 2:17:01 PM - Installed DirectX 9.0
RP79: 4/15/2011 9:56:45 PM - Installed Mumble 1.2.3
RP80: 5/20/2011 6:39:56 PM - ComboFix created restore point
RP81: 5/31/2011 11:21:22 PM - Software Distribution Service 3.0
RP82: 7/13/2011 1:33:28 PM - Installed Magic Online
RP83: 9/7/2011 2:11:20 PM - Restore Operation
RP84: 9/7/2011 2:19:08 PM - Restore Operation
RP85: 9/7/2011 2:53:41 PM - Restore Operation
RP86: 9/8/2011 12:43:03 AM - Installed AVG 2012
RP87: 9/8/2011 12:43:24 AM - Installed AVG 2012
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Action Replay Code Manager
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9
AIM 7
AOL Instant Messenger
AOLIcon
Apple Application Support
Apple Software Update
Application Verifier
AstroPop Deluxe 1.1
Audio User's Guide
AVG 2012
BannedStory
BannedStory 3.0
Catalyst Control Center InstallProxy
Combined Community Codec Pack 2006-07-28 (Remove Only)
Conexant D850 56K V.9x DFVc Modem
Creative MediaSource
Creeper World
Creeper World 2
Creeper World 2 Editor
Creeper World DEMO
Creeper World Map Editor
Critical Update for Windows Media Player 11 (KB959772)
Curse Client
DeadAIM
Debugging Tools for Windows (x86)
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Photo AIO Printer 924
Digital Content Portal
Digital Line Detect
DivX Setup
DNA
DragonNest
Driver Sweeper 2.1.0
Gigaware Optical Mouse Driver 4.06
Gmask 1.70 English
Hero Editor V0.96
High Definition Audio Driver Package - KB835221
HOARD
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Iggle Pop Deluxe 1.0
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
League of Legends
Macromedia Flash Player
Magic Online
Malwarebytes' Anti-Malware version 1.51.1.1800
MapleStory
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.0
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Reader
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mouse Suite
Mozilla Firefox 6.0.2 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
Musicmatch for Windows Media Player
Napster for Windows Media Player
NetWaiting
Nexon Game Manager
Oblivion
ooVoo
Pando Media Booster
Peggle Nights
Plants vs. Zombies
PlayFLV
Portal
Portal 2
PowerDVD 5.5
QuickTime
RealPlayer Basic
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sid Meier's Civilization 4
Skype™ 4.0
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sophos Anti-Rootkit 1.5.20
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
StarCraft II
StarCraft II Beta
Steam
SUPERAntiSpyware
Talismania Deluxe 1.1
TeamViewer 6
TightVNC 1.3.9
Total Annihilation
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III: All Products
Water Bugs 1.15
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip 15.0
WordPerfect Office 12
Works Suite OS Pack
Works Synchronization
World of Warcraft
World of Warcraft Public Test
Xvid Video Codec
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/8/2011 4:47:20 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
9/8/2011 3:33:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
9/8/2011 3:32:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The StarWind iSCSI Service service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
9/8/2011 2:13:03 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/8/2011 2:13:03 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/7/2011 2:05:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
9/7/2011 2:05:46 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2011 2:05:46 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2011 2:05:46 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2011 2:05:46 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2011 2:04:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/5/2011 12:09:43 AM, error: Dhcp [1002] - The IP address lease 192.168.15.5 for the Network Card with network address 00123F7A1C62 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
9/4/2011 2:21:45 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
9/4/2011 2:21:40 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/4/2011 2:21:39 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/4/2011 2:21:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
9/4/2011 2:21:38 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/4/2011 10:04:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Broni said:
Welcome aboard [
[*]If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
[/list]
Click to expand...

\Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
\Device\Harddisk0\DR0 - ok

Will be rebooting in the next 10 mins. Thank you.
 
2011/09/08 22:35:47.0781 3308 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/08 22:35:49.0781 3308 ================================================================================
2011/09/08 22:35:49.0781 3308 SystemInfo:
2011/09/08 22:35:49.0781 3308
2011/09/08 22:35:49.0781 3308 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/08 22:35:49.0781 3308 Product type: Workstation
2011/09/08 22:35:49.0781 3308 ComputerName: KIT
2011/09/08 22:35:49.0781 3308 UserName: Mitchell Bonney
2011/09/08 22:35:49.0781 3308 Windows directory: C:\WINDOWS
2011/09/08 22:35:49.0781 3308 System windows directory: C:\WINDOWS
2011/09/08 22:35:49.0781 3308 Processor architecture: Intel x86
2011/09/08 22:35:49.0781 3308 Number of processors: 2
2011/09/08 22:35:49.0781 3308 Page size: 0x1000
2011/09/08 22:35:49.0781 3308 Boot type: Normal boot
2011/09/08 22:35:49.0781 3308 ================================================================================
2011/09/08 22:35:53.0312 3308 Initialize success
2011/09/08 22:35:55.0828 3656 ================================================================================
2011/09/08 22:35:55.0828 3656 Scan started
2011/09/08 22:35:55.0828 3656 Mode: Manual;
2011/09/08 22:35:55.0828 3656 ================================================================================
2011/09/08 22:36:02.0671 3656 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/08 22:36:02.0906 3656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/08 22:36:03.0265 3656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/08 22:36:04.0343 3656 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/08 22:36:05.0140 3656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/08 22:36:05.0875 3656 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/08 22:36:06.0562 3656 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/09/08 22:36:07.0531 3656 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/08 22:36:08.0375 3656 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/08 22:36:09.0484 3656 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/08 22:36:10.0125 3656 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/08 22:36:10.0812 3656 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/08 22:36:11.0078 3656 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/08 22:36:11.0250 3656 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/08 22:36:11.0453 3656 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/08 22:36:11.0718 3656 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/08 22:36:11.0875 3656 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/08 22:36:12.0203 3656 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/08 22:36:12.0687 3656 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/08 22:36:13.0218 3656 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/09/08 22:36:13.0562 3656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/08 22:36:13.0875 3656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/08 22:36:15.0156 3656 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/08 22:36:16.0437 3656 AtiHDAudioService (af7ee20d8ecc163d30bd2ab594a74baf) C:\WINDOWS\system32\drivers\AtihdXP3.sys
2011/09/08 22:36:16.0656 3656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/08 22:36:16.0828 3656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/08 22:36:16.0953 3656 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/08 22:36:17.0109 3656 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/08 22:36:17.0250 3656 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/08 22:36:17.0375 3656 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/08 22:36:17.0671 3656 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/08 22:36:17.0968 3656 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/08 22:36:18.0187 3656 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/08 22:36:18.0328 3656 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/08 22:36:18.0609 3656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/08 22:36:19.0046 3656 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/08 22:36:19.0140 3656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/08 22:36:19.0234 3656 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/08 22:36:19.0437 3656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/08 22:36:19.0656 3656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/08 22:36:19.0812 3656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/08 22:36:20.0031 3656 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/08 22:36:20.0187 3656 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/08 22:36:20.0406 3656 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/09/08 22:36:20.0578 3656 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/08 22:36:20.0828 3656 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/08 22:36:21.0031 3656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/08 22:36:21.0281 3656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/08 22:36:21.0390 3656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/08 22:36:21.0421 3656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/08 22:36:21.0515 3656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/08 22:36:21.0703 3656 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/08 22:36:21.0781 3656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/08 22:36:21.0828 3656 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/09/08 22:36:22.0046 3656 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/09/08 22:36:22.0437 3656 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/08 22:36:22.0546 3656 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/09/08 22:36:22.0718 3656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/08 22:36:22.0921 3656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/08 22:36:23.0046 3656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/08 22:36:23.0171 3656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/08 22:36:23.0265 3656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/08 22:36:23.0312 3656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/08 22:36:23.0343 3656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/08 22:36:23.0406 3656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/08 22:36:23.0468 3656 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/09/08 22:36:23.0609 3656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/08 22:36:23.0687 3656 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/08 22:36:23.0750 3656 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/08 22:36:23.0796 3656 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/09/08 22:36:23.0890 3656 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/08 22:36:24.0015 3656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/08 22:36:24.0109 3656 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/08 22:36:24.0156 3656 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/08 22:36:24.0187 3656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/08 22:36:24.0250 3656 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
2011/09/08 22:36:24.0296 3656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/08 22:36:24.0359 3656 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/08 22:36:24.0406 3656 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/08 22:36:24.0468 3656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/08 22:36:24.0531 3656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/08 22:36:24.0578 3656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/08 22:36:24.0718 3656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/08 22:36:24.0781 3656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/08 22:36:24.0812 3656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/08 22:36:24.0843 3656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/08 22:36:24.0890 3656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/08 22:36:24.0921 3656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/08 22:36:24.0968 3656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/08 22:36:25.0000 3656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/08 22:36:25.0140 3656 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/08 22:36:25.0250 3656 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/09/08 22:36:25.0296 3656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/08 22:36:25.0312 3656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/08 22:36:25.0343 3656 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/08 22:36:25.0359 3656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/08 22:36:25.0406 3656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/08 22:36:25.0437 3656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/08 22:36:25.0468 3656 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/08 22:36:25.0500 3656 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/08 22:36:25.0546 3656 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/08 22:36:25.0734 3656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/08 22:36:25.0843 3656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/08 22:36:25.0890 3656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/08 22:36:25.0984 3656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/08 22:36:26.0046 3656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/08 22:36:26.0093 3656 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/08 22:36:26.0171 3656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/08 22:36:26.0234 3656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/08 22:36:26.0281 3656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/08 22:36:26.0343 3656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/08 22:36:26.0390 3656 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/08 22:36:26.0421 3656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/08 22:36:26.0468 3656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/08 22:36:26.0546 3656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/08 22:36:26.0625 3656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/08 22:36:26.0687 3656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/08 22:36:26.0828 3656 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/08 22:36:27.0015 3656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/08 22:36:27.0078 3656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/08 22:36:27.0140 3656 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/09/08 22:36:27.0156 3656 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/09/08 22:36:27.0187 3656 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/09/08 22:36:27.0250 3656 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/09/08 22:36:27.0421 3656 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
2011/09/08 22:36:27.0562 3656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/08 22:36:27.0625 3656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/08 22:36:27.0671 3656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/08 22:36:27.0703 3656 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/08 22:36:27.0734 3656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/08 22:36:27.0781 3656 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/08 22:36:27.0906 3656 pelmouse (0196ae2adcd2eb13ff355da7f9d4518f) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2011/09/08 22:36:27.0968 3656 pelusblf (5dbfec9210729170dfbca837a780f57c) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
2011/09/08 22:36:28.0015 3656 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/08 22:36:28.0062 3656 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/08 22:36:28.0156 3656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/08 22:36:28.0187 3656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/08 22:36:28.0234 3656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/08 22:36:28.0265 3656 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/08 22:36:28.0312 3656 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/08 22:36:28.0343 3656 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/08 22:36:28.0375 3656 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/08 22:36:28.0406 3656 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/08 22:36:28.0484 3656 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/08 22:36:28.0562 3656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/08 22:36:28.0609 3656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/08 22:36:28.0671 3656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/08 22:36:28.0781 3656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/08 22:36:28.0937 3656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/08 22:36:29.0140 3656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/08 22:36:29.0312 3656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/08 22:36:29.0578 3656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/08 22:36:29.0718 3656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/08 22:36:29.0781 3656 SaiH80C0 (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH80C0.sys
2011/09/08 22:36:29.0843 3656 SaiMini (191b8f3b3dfa1e199d398dbc0c09544e) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
2011/09/08 22:36:29.0921 3656 SaiNtBus (534161d0a07014a7d81c6721a7ae6c08) C:\WINDOWS\system32\drivers\SaiBus.sys
2011/09/08 22:36:30.0031 3656 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/08 22:36:30.0109 3656 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/08 22:36:30.0187 3656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/08 22:36:30.0265 3656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/08 22:36:30.0328 3656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/08 22:36:30.0390 3656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/08 22:36:30.0468 3656 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/08 22:36:30.0500 3656 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/08 22:36:30.0531 3656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/08 22:36:30.0640 3656 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/08 22:36:30.0640 3656 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/09/08 22:36:30.0656 3656 sptd - detected LockedFile.Multi.Generic (1)
2011/09/08 22:36:30.0687 3656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/08 22:36:31.0093 3656 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/08 22:36:31.0125 3656 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/09/08 22:36:31.0156 3656 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/09/08 22:36:31.0218 3656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/08 22:36:31.0250 3656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/08 22:36:31.0312 3656 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/08 22:36:31.0359 3656 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/08 22:36:31.0390 3656 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/08 22:36:31.0421 3656 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/08 22:36:31.0484 3656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/08 22:36:31.0546 3656 tap0801 (0c82061920a2de35d33c2c2bb83b1e98) C:\WINDOWS\system32\DRIVERS\tap0801.sys
2011/09/08 22:36:31.0640 3656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/08 22:36:31.0734 3656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/08 22:36:31.0781 3656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/08 22:36:31.0812 3656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/08 22:36:31.0890 3656 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/09/08 22:36:31.0921 3656 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/09/08 22:36:31.0953 3656 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/09/08 22:36:31.0968 3656 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/09/08 22:36:32.0000 3656 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/09/08 22:36:32.0031 3656 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/09/08 22:36:32.0062 3656 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/09/08 22:36:32.0093 3656 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/09/08 22:36:32.0140 3656 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/09/08 22:36:32.0203 3656 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/08 22:36:32.0296 3656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/08 22:36:32.0312 3656 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/08 22:36:32.0390 3656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/08 22:36:32.0468 3656 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/08 22:36:32.0609 3656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/08 22:36:32.0703 3656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/08 22:36:32.0734 3656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/08 22:36:32.0796 3656 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
2011/09/08 22:36:32.0921 3656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/08 22:36:33.0015 3656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/08 22:36:33.0109 3656 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/08 22:36:33.0171 3656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/08 22:36:33.0234 3656 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2011/09/08 22:36:33.0234 3656 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2011/09/08 22:36:33.0250 3656 vaxscsi - detected LockedFile.Multi.Generic (1)
2011/09/08 22:36:33.0281 3656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/08 22:36:33.0343 3656 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/08 22:36:33.0421 3656 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/08 22:36:33.0500 3656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/08 22:36:33.0546 3656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/08 22:36:33.0640 3656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/08 22:36:33.0734 3656 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/08 22:36:33.0859 3656 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/08 22:36:33.0953 3656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/08 22:36:34.0000 3656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/08 22:36:34.0062 3656 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
2011/09/08 22:36:34.0093 3656 Boot (0x1200) (0acf7f764613ebbdbd1cae4677ac50f3) \Device\Harddisk0\DR0\Partition0
2011/09/08 22:36:34.0093 3656 ================================================================================
2011/09/08 22:36:34.0093 3656 Scan finished
2011/09/08 22:36:34.0093 3656 ================================================================================
2011/09/08 22:36:34.0109 3648 Detected object count: 2
2011/09/08 22:36:34.0109 3648 Actual detected object count: 2
2011/09/08 22:36:40.0734 3648 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/08 22:36:40.0734 3648 LockedFile.Multi.Generic(vaxscsi) - User select action: Skip
 
How is redirection?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
Sorry for delayed reply - lost power.

tested redirection 15 times. one fail to load page, 14 correct sites. Seems to be working correctly.

iexplorer seems to not pop up anymore either. Still having an issue loading messangers.


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB94D8000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6742016 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF259000 C:\WINDOWS\System32\ati3duag.dll 4030464 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF9C5000 C:\WINDOWS\System32\ativvaxx.dll 2674688 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB91B7000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB9EBD000 PCI_NTPNP8888 958464 bytes
0xB9EBD000 sptd.sys 958464 bytes
0xB9D34000 iastor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 847872 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB937D000 C:\WINDOWS\system32\drivers\P17.sys 843776 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xBF12F000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9110000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9C36000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF1DE000 C:\WINDOWS\System32\atiok3x2.dll 503808 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xACC07000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9037000 C:\WINDOWS\System32\Drivers\ax75c5i4.SYS 421888 bytes
0xB8F81000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xACDA3000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA94A4000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB90C6000 C:\WINDOWS\System32\Drivers\vaxscsi.sys 303104 bytes
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xACD5C000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xA9840000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xACB30000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB92B6000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB8FDF000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E77000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB946F000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 184320 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xA9971000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9C09000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB930A000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xA8C50000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xACC77000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB949C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xACD0E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9E21000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xACD36000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA96DC000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9359000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB944B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9336000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xACCEC000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xACCCA000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA91B4000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB92EA000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xB9D14000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E47000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9BEF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA9EC0000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9EA7000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9E09000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EA5000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9CD6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9020000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9D79000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xA9F01000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9CED000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xA9BAC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB94C4000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xACDFC000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9CC3000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9D02000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E66000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB900F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xACEE7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xBA1D8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9D21000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA298000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xA9D01000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA218000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA178000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA228000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xACB77000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA268000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA148000 C:\WINDOWS\system32\DRIVERS\pelmouse.sys 40960 bytes (Primax Electronics Ltd., Mouse Suite Driver (For Windows 2000 and Whistler Only))
0xBA138000 C:\WINDOWS\system32\DRIVERS\pelusblf.sys 40960 bytes (Primax Electronics Ltd., USB Mouse Low Filter Driver(Win2000 only))
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA97C0000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA8E16000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA118000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA158000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA1A8000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA308000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA468000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA400000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA480000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA410000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA390000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA398000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3E0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xBA458000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA358000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA488000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3B0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA9E93000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA4BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xB8F6D000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9B5E000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB90B2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9DDB000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA9F57000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9B8C000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xACA98000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB90B6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9B4E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA975C000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xACE4B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9BAF000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9BC3000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA600000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
0xBA5DA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5D6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5DE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5B6000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA5C6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BC000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5CE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6BA000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA702000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA738000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA7FB000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7F0000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0x8ABD61E8 unknown_irp_handler 3608 bytes
0x8A1051E8 unknown_irp_handler 3608 bytes
0x8A12D1E8 unknown_irp_handler 3608 bytes
0x8ABD81E8 unknown_irp_handler 3608 bytes
0x8A1791E8 unknown_irp_handler 3608 bytes
0x8ABD71E8 unknown_irp_handler 3608 bytes
0x8AC4A1E8 unknown_irp_handler 3608 bytes
0x8A14C1E8 unknown_irp_handler 3608 bytes
0x8A1191E8 unknown_irp_handler 3608 bytes
0x893D21E8 unknown_irp_handler 3608 bytes
0x89A2B428 unknown_irp_handler 3032 bytes
0x89082790 unknown_irp_handler 2160 bytes
0x8935D790 unknown_irp_handler 2160 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\vaxscsi.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
 
Also; computer emitting a beep every once in a while now. Don't know if in response to activity or not yet.
 
Beep coming from girlfriends laptop - sorry. I don't believe my computer has overheating issues. If you'd like I can still run said diagnostic.

As for messengers?
 
Beep coming from girlfriends laptop
Click to expand...
LOL

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Messengers working.

==========



ComboFix 11-09-08.03 - Mitchell Bonney 09/09/2011 0:15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1428 [GMT -4:00]
Running from: c:\documents and settings\Mitchell Bonney\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\DotNetInstaller.exe.24e35199.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\DotNetInstaller.exe.5bce7e53.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\DotNetInstaller.exe.8a87a7f3.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\DotNetInstaller.exe.b445dd3c.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\DotNetInstaller.exe.ebbd018.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Mitchell Bonney\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\windows\kb913800.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mfc100deu.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Service_Lbd
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 04:14 . 2011-09-09 04:14 -------- d-----w- C:\32788R22FWJFW
2011-09-09 00:59 . 2011-09-09 00:59 -------- d-----w- c:\program files\Common Files\Java
2011-09-09 00:59 . 2011-09-09 00:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-09 00:59 . 2011-09-09 00:59 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-09 00:59 . 2011-09-09 00:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-09 00:45 . 2011-09-09 00:45 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-09-08 21:12 . 2011-09-08 21:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-09-08 20:19 . 2011-09-08 20:19 -------- d-----w- c:\program files\Sophos
2011-09-08 19:34 . 2011-09-08 19:34 -------- d-----w- c:\documents and settings\Mitchell Bonney\Application Data\SUPERAntiSpyware.com
2011-09-08 19:34 . 2011-09-08 20:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-08 05:25 . 2011-09-08 05:25 -------- d-----w- C:\$AVG
2011-09-08 04:44 . 2011-09-08 04:44 -------- d-----w- c:\documents and settings\Mitchell Bonney\Application Data\AVG2012
2011-09-08 04:43 . 2011-09-08 22:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-08 04:43 . 2011-09-08 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-08 04:34 . 2011-09-08 04:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-08 04:23 . 2011-09-08 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-19 09:08 . 2011-08-19 09:08 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-19 09:08 . 2011-08-19 09:08 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-16 08:15 . 2011-09-02 06:36 -------- d-----w- c:\documents and settings\Mitchell Bonney\Application Data\CreeperWorld2
2011-08-10 08:37 . 2011-08-31 04:50 -------- d-----w- c:\documents and settings\Mitchell Bonney\riotsGamesLogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-11 05:14 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 05:14 . 2011-07-11 05:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 05:14 . 2011-07-11 05:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 05:14 . 2011-07-11 05:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 05:14 . 2011-07-11 05:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 05:13 . 2011-07-11 05:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 05:13 . 2011-07-11 05:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-06 23:52 . 2010-06-01 00:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 18:28 . 2010-02-12 16:48 576000 ----a-w- c:\program files\ISSetup.dll
2010-02-12 18:22 . 2010-02-12 16:48 473 ----a-w- c:\program files\layout.bin
2010-02-09 21:32 . 2010-02-09 16:01 420928858 ----a-w- c:\program files\Setup_WK_100105.exe
2011-09-01 15:28 . 2011-05-15 10:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
Code: 
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm           .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\DAEMON Tools\daemon .exe
c:\program files\Gigaware\Gigaware Optical Mouse Driver\4.06\MOUSE32A .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Pando Networks\Media Booster\PMB .exe
c:\program files\QuickTime\qttask                                                             .exe
c:\windows\UpdReg .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\ICO .exe
</pre>
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\jBlLhKl08400 ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-20_23.02.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-09 02:35 . 2011-09-09 02:35 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat
+ 2011-05-31 03:06 . 2010-07-12 18:36 68592 c:\windows\system32\pxinsa64.exe
+ 2011-05-31 03:06 . 2010-07-12 18:36 72176 c:\windows\system32\pxhpinst.exe
+ 2011-05-31 03:06 . 2010-07-12 18:36 68080 c:\windows\system32\pxcpya64.exe
+ 2011-06-01 17:01 . 2011-06-01 17:01 91244 c:\windows\system32\mlfcache.dat
+ 2005-04-25 08:03 . 2010-07-12 18:36 45648 c:\windows\system32\drivers\pxhelp20.sys
+ 2010-11-12 00:44 . 2010-11-12 00:44 94208 c:\windows\system32\dpl100.dll
+ 2011-09-02 06:40 . 2011-09-02 06:40 21504 c:\windows\Installer\91b66.msi
+ 2011-09-02 06:35 . 2011-09-02 06:35 21504 c:\windows\Installer\91b61.msi
+ 2011-08-16 18:34 . 2011-08-16 18:34 28160 c:\windows\Installer\85660.msi
+ 2010-12-17 15:10 . 2011-06-01 03:22 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-12-17 15:10 . 2010-12-17 15:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-05-31 03:06 . 2010-07-12 18:36 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2011-05-31 03:06 . 2010-07-12 18:36 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2011-05-31 03:00 . 2011-03-19 15:06 240640 c:\windows\system32\xvidvfw.dll
+ 2011-05-31 03:00 . 2011-03-19 15:04 650752 c:\windows\system32\xvidcore.dll
+ 2005-01-12 07:00 . 2010-07-12 18:36 100848 c:\windows\system32\VXBLOCK.dll
+ 2005-05-05 19:48 . 2010-07-12 18:36 440816 c:\windows\system32\PxWave.dll
+ 2005-05-05 19:49 . 2010-07-12 18:36 219632 c:\windows\system32\PxMas.dll
+ 2011-05-31 03:06 . 2010-07-12 18:36 126448 c:\windows\system32\pxinsi64.exe
+ 2005-05-06 07:01 . 2010-07-12 18:36 567792 c:\windows\system32\pxdrv.dll
+ 2011-05-31 03:06 . 2010-07-12 18:36 123888 c:\windows\system32\pxcpyi64.exe
+ 2011-05-31 03:06 . 2010-07-12 18:36 133616 c:\windows\system32\pxafs.dll
+ 2005-05-05 19:50 . 2010-07-12 18:36 698864 c:\windows\system32\Px.dll
+ 2011-05-28 19:10 . 2011-05-28 19:10 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
+ 2011-09-09 00:59 . 2011-09-09 00:59 157472 c:\windows\system32\javaws.exe
+ 2011-09-09 00:59 . 2011-09-09 00:59 145184 c:\windows\system32\javaw.exe
- 2007-01-31 05:51 . 2010-10-08 18:21 145184 c:\windows\system32\javaw.exe
- 2007-01-31 05:51 . 2010-10-08 18:21 145184 c:\windows\system32\java.exe
+ 2011-09-09 00:59 . 2011-09-09 00:59 145184 c:\windows\system32\java.exe
+ 2005-08-16 10:18 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2011-05-31 03:06 . 2011-05-31 03:06 169472 c:\windows\Installer\a8cd67.msi
+ 2011-09-09 00:59 . 2011-09-09 00:59 203776 c:\windows\Installer\103874e.msi
+ 2011-09-09 00:59 . 2011-09-09 00:59 902656 c:\windows\Installer\1038749.msi
+ 2011-07-13 17:37 . 2011-07-13 17:37 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-09-27 02:14 . 2008-09-27 02:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-09-27 02:14 . 2008-09-27 02:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-09-27 02:14 . 2008-09-27 02:14 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-09-27 02:14 . 2008-09-27 02:14 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-09-27 02:14 . 2008-09-27 02:14 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-03-13 18:17 . 2011-03-13 18:17 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2005-01-26 20:39 . 2010-07-12 18:36 2120176 c:\windows\system32\PxSFS.DLL
+ 2009-10-28 03:40 . 2011-05-28 19:10 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-09-08 04:44 . 2011-09-08 04:44 4644864 c:\windows\Installer\9db5be.msi
+ 2011-09-08 04:43 . 2011-09-08 04:43 2185216 c:\windows\Installer\9db5ba.msi
- 2008-09-27 02:14 . 2008-09-27 02:14 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-07-13 17:37 . 2011-07-13 17:37 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-09-27 02:14 . 2008-09-27 02:14 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2006-04-16 06:21 . 2011-09-07 18:52 15047412 c:\windows\system32\Restore\rstrlog.dat
+ 2011-06-01 03:21 . 2011-06-01 03:21 20314624 c:\windows\Installer\39711c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-01 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"P17Helper"="P17.dll" [2004-06-10 60928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-08-19 2387296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe -startup [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2004-06-10 22:51 60928 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{717CD258-221D-B048-C8BC-77A2923881A2}]
c:\documents and settings\Mitchell Bonney\Application Data\Onat\huycc.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hoard\\win32\\Reuben.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\DragonNest\\DragonNest.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
"6939:TCP"= 6939:TCP:League of Legends Launcher
"6939:UDP"= 6939:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"57061:TCP"= 57061:TCP:pando Media Booster
"57061:UDP"= 57061:UDP:pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/16/2005 11:17 PM 685816]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [8/19/2011 6:24 AM 2399560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/5/2008 4:25 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [9/10/2006 9:15 PM 223128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [8/16/2011 6:27 AM 5264736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/10/2011 9:55 PM 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\47.tmp --> c:\windows\system32\47.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [5/1/2007 4:01 PM 132232]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 8:37 AM 26624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29007459
*NewlyCreated* - BLACKBOX
*NewlyCreated* - SASDIFSV
*Deregistered* - 29007459
*Deregistered* - BlackBox
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.15.1
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.gamengame.com/KALogoutComponent.cab
FF - ProfilePath - c:\documents and settings\Mitchell Bonney\Application Data\Mozilla\Firefox\Profiles\kbmuwdfj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\47.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,48,db,83,08,d5,01,44,b6,4f,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,48,db,83,08,d5,01,44,b6,4f,c5,\
.
[HKEY_USERS\S-1-5-21-1463401446-3382454345-1865732347-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9e,33,9b,09,22,8a,7c,2b,98,64,8c,38,72,6b,89,d9,27,25,6b,ae,2a,b1,e5,
44,3d,0b,82,a8,8e,ff,73,34,3a,17,82,fb,3d,fd,bf,27,81,58,aa,68,5f,f3,33,13,\
"??"=hex:10,56,f5,f3,d5,4b,82,43,42,30,94,10,0f,69,49,12
.
[HKEY_USERS\S-1-5-21-1463401446-3382454345-1865732347-1005\Software\SecuROM\License information*]
"datasecu"=hex:39,d1,da,8f,43,de,63,45,00,bd,12,9d,5d,cd,f0,3d,df,95,eb,b2,32,
46,5c,46,e2,3c,57,43,e5,7a,a6,e3,b5,25,0f,8e,77,9c,62,39,ab,0c,7f,14,9f,ea,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2011-09-09 00:28:17
ComboFix-quarantined-files.txt 2011-09-09 04:28
ComboFix2.txt 2011-05-20 23:08
.
Pre-Run: 101,804,421,120 bytes free
Post-Run: 101,949,091,840 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6EF4ADBDFEB67B192CD656DD840CE12B
 
Good news but we still have work to do...

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

==================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm           .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\DAEMON Tools\daemon .exe
c:\program files\Gigaware\Gigaware Optical Mouse Driver\4.06\MOUSE32A .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Pando Networks\Media Booster\PMB .exe
c:\program files\QuickTime\qttask                                                             .exe
c:\windows\UpdReg .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\ICO .exe

File::
c:\documents and settings\Mitchell Bonney\Application Data\Onat\huycc.exe


DDS::
uInternet Settings,ProxyOverride = <local>

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{717CD258-221D-B048-C8BC-77A2923881A2}]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
::Did not find: Viewpoint Toolbar. ditched the other two pieces though.


ComboFix 11-09-09.01 - Mitchell Bonney 09/09/2011 1:06.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1225 [GMT -4:00]
Running from: c:\documents and settings\Mitchell Bonney\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mitchell Bonney\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\documents and settings\Mitchell Bonney\Application Data\Onat\huycc.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 00:59 . 2011-09-09 00:59 -------- d-----w- c:\program files\Common Files\Java
2011-09-09 00:59 . 2011-09-09 00:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-09 00:59 . 2011-09-09 00:59 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-09 00:59 . 2011-09-09 00:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-09 00:45 . 2011-09-09 00:45 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-09-08 21:12 . 2011-09-08 21:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-09-08 20:19 . 2011-09-08 20:19 -------- d-----w- c:\program files\Sophos
2011-09-08 19:34 . 2011-09-08 19:34 -------- d-----w- c:\documents and settings\Mitchell Bonney\Application Data\SUPERAntiSpyware.com
2011-09-08 19:34 . 2011-09-08 20:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-08 05:25 . 2011-09-08 05:25 -------- d-----w- C:\$AVG
2011-09-08 04:44 . 2011-09-08 04:44 -------- d-----w- c:\documents and settings\Mitchell Bonney\Application Data\AVG2012
2011-09-08 04:43 . 2011-09-08 22:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-08 04:43 . 2011-09-08 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-08 04:34 . 2011-09-08 04:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-08 04:23 . 2011-09-08 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-19 09:08 . 2011-08-19 09:08 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-19 09:08 . 2011-08-19 09:08 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-16 08:15 . 2011-09-02 06:36 -------- d-----w- c:\documents and settings\Mitchell Bonney\Application Data\CreeperWorld2
2011-08-10 08:37 . 2011-08-31 04:50 -------- d-----w- c:\documents and settings\Mitchell Bonney\riotsGamesLogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-11 05:14 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 05:14 . 2011-07-11 05:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 05:14 . 2011-07-11 05:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 05:14 . 2011-07-11 05:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 05:14 . 2011-07-11 05:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 05:13 . 2011-07-11 05:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 05:13 . 2011-07-11 05:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-06 23:52 . 2010-06-01 00:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 18:28 . 2010-02-12 16:48 576000 ----a-w- c:\program files\ISSetup.dll
2010-02-12 18:22 . 2010-02-12 16:48 473 ----a-w- c:\program files\layout.bin
2010-02-09 21:32 . 2010-02-09 16:01 420928858 ----a-w- c:\program files\Setup_WK_100105.exe
2011-09-01 15:28 . 2011-05-15 10:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-09_04.26.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-14 19:38 . 2000-05-11 07:00 90112 c:\windows\UpdReg.exe
+ 2009-03-18 18:41 . 2006-10-23 17:54 56128 c:\windows\system32\ICO.exe
+ 2005-08-16 10:37 . 2005-08-05 19:56 64512 c:\windows\system32\dllcache\ehtray.exe
+ 2005-08-16 10:37 . 2005-08-05 19:56 64512 c:\windows\ehome\ehtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-09 2937528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"P17Helper"="P17.dll" [2004-06-10 60928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-08-19 2387296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe -startup [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2004-06-10 22:51 60928 ----a-w- c:\windows\system32\P17.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hoard\\win32\\Reuben.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\DragonNest\\DragonNest.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
"6939:TCP"= 6939:TCP:League of Legends Launcher
"6939:UDP"= 6939:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"57061:TCP"= 57061:TCP:pando Media Booster
"57061:UDP"= 57061:UDP:pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/16/2005 11:17 PM 685816]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [8/19/2011 6:24 AM 2399560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [9/10/2006 9:15 PM 223128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [8/16/2011 6:27 AM 5264736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/10/2011 9:55 PM 101904]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\47.tmp --> c:\windows\system32\47.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [5/1/2007 4:01 PM 132232]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 8:37 AM 26624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29007459
*NewlyCreated* - BLACKBOX
*NewlyCreated* - SASDIFSV
*Deregistered* - 29007459
*Deregistered* - BlackBox
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.15.1
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.gamengame.com/KALogoutComponent.cab
FF - ProfilePath - c:\documents and settings\Mitchell Bonney\Application Data\Mozilla\Firefox\Profiles\kbmuwdfj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 01:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\47.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,48,db,83,08,d5,01,44,b6,4f,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,48,db,83,08,d5,01,44,b6,4f,c5,\
.
[HKEY_USERS\S-1-5-21-1463401446-3382454345-1865732347-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9e,33,9b,09,22,8a,7c,2b,98,64,8c,38,72,6b,89,d9,27,25,6b,ae,2a,b1,e5,
44,3d,0b,82,a8,8e,ff,73,34,3a,17,82,fb,3d,fd,bf,27,81,58,aa,68,5f,f3,33,13,\
"??"=hex:10,56,f5,f3,d5,4b,82,43,42,30,94,10,0f,69,49,12
.
[HKEY_USERS\S-1-5-21-1463401446-3382454345-1865732347-1005\Software\SecuROM\License information*]
"datasecu"=hex:39,d1,da,8f,43,de,63,45,00,bd,12,9d,5d,cd,f0,3d,df,95,eb,b2,32,
46,5c,46,e2,3c,57,43,e5,7a,a6,e3,b5,25,0f,8e,77,9c,62,39,ab,0c,7f,14,9f,ea,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Microsoft Office\Office10\msohev.dll
.
Completion time: 2011-09-09 01:18:18
ComboFix-quarantined-files.txt 2011-09-09 05:18
ComboFix2.txt 2011-09-09 04:28
ComboFix3.txt 2011-05-20 23:08
.
Pre-Run: 102,005,583,872 bytes free
Post-Run: 101,979,824,128 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 534E6CA96D1FFCED0FF455AB30AF3F34
 
Heading to bed, will check in the morning - might not post for 12ish hours though.

thank you for all the help <333
 
Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni said:
Combofix log looks good.

How is computer doing?
Click to expand...

Comp performs well.

Firefox takes 1-3 full minutes to load / operate is the only thing I notice. Not a huge issue.


OTL logfile created on: 9/9/2011 8:52:12 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Mitchell Bonney\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.48% Memory free
6.73 Gb Paging File | 6.05 Gb Available in Paging File | 89.85% Paging File free
Paging file location(s): C:\pagefile.sys 5000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.31 Gb Total Space | 94.96 Gb Free Space | 32.38% Space Free | Partition Type: NTFS
Drive D: | 608.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KIT | User Name: Mitchell Bonney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 15:55:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitchell Bonney\Desktop\OTL.exe
PRC - [2011/09/01 11:28:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/19 06:24:14 | 002,399,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/08/19 06:24:00 | 002,387,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/08/19 06:23:54 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/08/19 06:23:54 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/16 06:27:28 | 005,264,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/03 11:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/09 12:00:59 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/04/01 13:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003/09/17 12:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 11:28:47 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/28 15:10:50 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/03 11:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/02/09 12:00:59 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/10/09 17:12:40 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2005/06/21 16:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll
MOD - [2004/06/10 18:51:00 | 000,060,928 | ---- | M] () -- C:\WINDOWS\system32\P17.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (dlcc_device)
SRV - [2011/08/19 06:24:14 | 002,399,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/08/16 06:27:28 | 005,264,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/15 19:49:00 | 003,042,652 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2005/04/01 13:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/21 07:30:32 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/06/25 03:45:36 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/10/10 00:38:08 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/05 11:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 11:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/05/01 17:01:38 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH80C0.sys -- (SaiH80C0)
DRV - [2007/04/17 20:08:44 | 000,018,944 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2007/03/07 15:23:04 | 000,017,920 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2006/10/01 08:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/09/10 21:18:18 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2005/11/14 15:40:22 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/10 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/09 19:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.SYS -- (P17)
DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 15:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2003/09/22 15:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="

FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/30 23:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/30 23:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/08 00:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 14:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 20:59:28 | 000,000,000 | ---D | M]

[2010/01/07 13:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mitchell Bonney\Application Data\Mozilla\Extensions
[2011/05/30 23:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mitchell Bonney\Application Data\Mozilla\Firefox\Profiles\kbmuwdfj.default\extensions
[2011/03/04 11:48:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mitchell Bonney\Application Data\Mozilla\Firefox\Profiles\kbmuwdfj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/30 23:02:14 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Mitchell Bonney\Application Data\Mozilla\Firefox\Profiles\kbmuwdfj.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2010/06/03 22:18:23 | 000,001,891 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Mozilla\Firefox\Profiles\kbmuwdfj.default\searchplugins\googeefree.xml
[2010/06/03 22:11:50 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Mozilla\Firefox\Profiles\kbmuwdfj.default\searchplugins\mozilla-add-ons.xml
[2011/09/08 20:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/08 20:59:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/08 20:59:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/01 11:28:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/08 20:59:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/19 05:08:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/09 00:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM2\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab (StagingUI Object)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab (ZoneBuddy Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab (ijjiPlugin2 Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab53984.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} http://www.gamengame.com/KALogoutComponent.cab (Logout Class)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab53852.cab (StadiumProxy Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B354A92-848A-4D62-AA00-4FBF5ABC46AA}: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mitchell Bonney\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mitchell Bonney\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.fvfw - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\Program Files\Combined Community Codec Pack\Filters\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 22:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2011/09/08 22:08:13 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mitchell Bonney\Desktop\tdsskiller.exe
[2011/09/08 20:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/08 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/08 20:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/09/08 20:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/09/08 18:37:22 | 008,239,264 | ---- | C] (AOL Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\Install_AIM.exe
[2011/09/08 18:24:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/09/08 16:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/09/08 16:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/09/08 15:57:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mitchell Bonney\Desktop\TFC.exe
[2011/09/08 15:55:16 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mitchell Bonney\Desktop\OTL.exe
[2011/09/08 15:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Application Data\SUPERAntiSpyware.com
[2011/09/08 15:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/08 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/08 14:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/08 14:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Desktop\backups
[2011/09/08 14:25:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\HijackThis.exe
[2011/09/08 14:22:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mitchell Bonney\Desktop\dds.scr
[2011/09/08 13:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Desktop\GooredFix Backups
[2011/09/08 01:25:26 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/09/08 00:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Application Data\AVG2012
[2011/09/08 00:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/08 00:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/08 00:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/09/08 00:43:33 | 004,201,277 | R--- | C] (Swearware) -- C:\Documents and Settings\Mitchell Bonney\Desktop\ComboFix.exe
[2011/09/08 00:34:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/08 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/08 00:22:08 | 003,894,928 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Mitchell Bonney\Desktop\avg_isct_stb_all_2012_1796.exe
[2011/09/07 14:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Recent
[2011/09/02 02:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld2Editor
[2011/08/16 04:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2011/08/16 04:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld2
[2011/08/16 03:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell Bonney\Desktop\torrent DLs
[2010/02/12 12:48:46 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\ISSetup.dll
[2010/02/09 12:01:44 | 420,928,858 | ---- | C] (nDoors ) -- C:\Program Files\Setup_WK_100105.exe
[2005/11/14 15:15:08 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/09/09 18:42:00 | 103,272,122 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/09 14:14:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/09 14:14:30 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/09 01:05:22 | 004,201,277 | R--- | M] (Swearware) -- C:\Documents and Settings\Mitchell Bonney\Desktop\ComboFix.exe
[2011/09/09 00:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/08 23:39:53 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\RKUnhookerLE.EXE
[2011/09/08 22:08:21 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mitchell Bonney\Desktop\tdsskiller.exe
[2011/09/08 20:48:19 | 000,001,940 | ---- | M] () -- C:\IPH.PH
[2011/09/08 20:45:22 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/09/08 20:45:22 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/09/08 18:38:03 | 008,239,264 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\Install_AIM.exe
[2011/09/08 18:21:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\8psj55qf.exe
[2011/09/08 15:57:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitchell Bonney\Desktop\TFC.exe
[2011/09/08 15:56:23 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\SecurityCheck.exe
[2011/09/08 15:55:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitchell Bonney\Desktop\OTL.exe
[2011/09/08 15:34:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/08 14:25:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\HijackThis.exe
[2011/09/08 14:22:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mitchell Bonney\Desktop\dds.scr
[2011/09/08 00:55:26 | 000,660,945 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/09/08 00:44:21 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/08 00:22:26 | 003,894,928 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Mitchell Bonney\Desktop\avg_isct_stb_all_2012_1796.exe
[2011/09/07 16:33:29 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\unhide.exe
[2011/09/07 15:25:53 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\iExplore.exe
[2011/09/07 15:21:48 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\rkill.com
[2011/09/07 14:15:39 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/09/04 18:27:43 | 000,003,859 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\z.blt
[2011/09/02 02:40:53 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creeper World 2 Editor.lnk
[2011/09/02 02:40:37 | 013,606,725 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\CW2Editor-0314.air
[2011/09/02 02:35:51 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creeper World 2.lnk
[2011/09/02 02:29:25 | 013,230,256 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\cw2PATCH-0307.air

========== Files Created - No Company Name ==========

[2011/09/09 18:42:00 | 103,272,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/08 23:40:02 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\RKUnhookerLE.EXE
[2011/09/08 20:45:22 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/09/08 18:22:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\8psj55qf.exe
[2011/09/08 15:56:10 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\SecurityCheck.exe
[2011/09/08 15:42:01 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/08 15:34:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/08 00:55:26 | 000,660,945 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/09/08 00:44:21 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/07 16:48:49 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2011/09/07 16:48:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/07 16:33:45 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\unhide.exe
[2011/09/07 15:25:40 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\iExplore.exe
[2011/09/07 15:21:39 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\rkill.com
[2011/09/04 18:27:43 | 000,003,859 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\z.blt
[2011/09/02 02:40:53 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Creeper World 2 Editor.lnk
[2011/09/02 02:40:53 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creeper World 2 Editor.lnk
[2011/09/02 02:38:18 | 013,606,725 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\CW2Editor-0314.air
[2011/09/02 02:35:51 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Creeper World 2.lnk
[2011/09/02 02:28:16 | 013,230,256 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\cw2PATCH-0307.air
[2011/08/16 04:02:26 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creeper World 2.lnk
[2011/06/01 13:01:46 | 000,091,244 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/30 23:00:18 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/05/30 23:00:18 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/20 18:39:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/20 18:39:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/20 18:39:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/20 18:39:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/20 18:39:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/01/26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/24 19:07:18 | 000,744,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/13 14:54:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sqego.dat
[2010/09/13 14:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ovahoqiwogijani.bin
[2010/09/06 18:39:41 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qYBlgRqT.dat
[2010/04/21 21:39:46 | 000,000,122 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/21 21:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/02/12 12:48:46 | 680,456,660 | ---- | C] () -- C:\Program Files\data2.cab
[2010/02/12 12:48:46 | 001,669,931 | ---- | C] () -- C:\Program Files\setup.isn
[2010/02/12 12:48:46 | 000,255,768 | ---- | C] () -- C:\Program Files\setup.inx
[2010/02/12 12:48:46 | 000,001,224 | ---- | C] () -- C:\Program Files\setup.ini
[2010/02/12 12:48:46 | 000,000,473 | ---- | C] () -- C:\Program Files\layout.bin
[2010/02/12 12:48:45 | 001,061,129 | ---- | C] () -- C:\Program Files\data1.cab
[2010/02/12 12:48:45 | 000,354,857 | ---- | C] () -- C:\Program Files\data1.hdr
[2010/02/12 12:48:45 | 000,021,494 | ---- | C] () -- C:\Program Files\0x0409.ini
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2010/01/11 23:40:05 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/13 14:48:06 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009/11/13 14:48:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/04/22 18:14:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/31 01:08:10 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0CBCF273F3.sys
[2009/03/18 14:41:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\HorizontalScroll.exe
[2009/03/09 23:23:21 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/03/09 23:23:21 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2007/11/20 07:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007/10/10 00:28:13 | 000,098,058 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2007/05/01 16:01:36 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0.Dll
[2007/05/01 16:01:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0C.dll
[2007/05/01 16:01:36 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_10.dll
[2007/05/01 16:01:36 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0A.dll
[2007/05/01 16:01:36 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_07.dll
[2007/05/01 16:01:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_09.dll
[2007/05/01 16:01:36 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0402.dll
[2007/05/01 16:01:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_11.dll
[2007/02/02 03:11:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/10 21:15:54 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2006/08/06 01:21:29 | 000,134,827 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Cosmos Prefs
[2006/08/04 04:53:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\UnInstall_KAccess.exe
[2006/05/15 01:57:47 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A04A56DF81.sys
[2006/05/05 20:47:09 | 000,000,975 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/04/15 03:06:44 | 000,004,392 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/01 15:02:01 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/03/26 20:35:05 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/01/06 12:34:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/02 02:52:15 | 000,186,880 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/17 02:22:02 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/11/17 01:47:49 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2005/11/17 00:59:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/11/17 00:59:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/11/17 00:59:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/11/16 22:02:54 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\PFP120JPR.{PB
[2005/11/16 22:02:54 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\PFP120JCM.{PB
[2005/11/16 20:00:41 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2005/11/16 20:00:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/11/16 20:00:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/11/16 20:00:39 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2005/11/16 20:00:39 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2005/11/16 20:00:39 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2005/11/16 20:00:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/11/16 20:00:38 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2005/11/16 20:00:38 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2005/11/16 20:00:38 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/11/16 20:00:38 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2005/11/16 20:00:37 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2005/11/16 20:00:37 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2005/11/16 20:00:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2005/11/16 20:00:35 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2005/11/16 20:00:35 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/11/16 20:00:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/11/16 20:00:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/11/16 20:00:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/11/16 20:00:31 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/11/16 20:00:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/11/16 19:40:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/16 19:26:28 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Local Settings\Application Data\fusioncache.dat
[2005/11/14 15:47:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/14 15:45:39 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/14 15:41:33 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/14 15:39:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/14 15:38:10 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/11/14 15:38:09 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/11/14 15:37:55 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/11/14 15:15:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/11/14 15:14:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/14 15:14:14 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 06:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 06:27:59 | 000,413,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 06:18:42 | 000,034,699 | ---- | C] () -- C:\WINDOWS\System32\hlp.dat
[2005/08/16 06:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 06:18:33 | 001,246,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 06:18:33 | 000,379,606 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 06:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 06:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 06:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 06:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 06:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 06:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 06:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 06:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 06:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(9).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(8).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(7).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(6).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(5).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(4).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(3).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(15).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(14).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(13).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(12).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(11).dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(10).dll
[2005/05/03 20:38:42 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/05/03 20:38:42 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17(20).dll
[2005/05/03 20:38:42 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17(19).dll
[2005/05/03 20:38:42 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17(18).dll
[2005/05/03 20:38:42 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17(17).dll
[2005/05/03 20:38:42 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17(16).dll
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/12/05 16:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/07 23:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/09/08 00:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/09/11 18:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/09/08 00:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/19 20:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/06/01 16:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/09/09 18:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2005/12/25 12:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/08/01 04:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/08/01 04:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/09/05 00:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/07/10 15:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/21 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/03/02 01:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/09/21 00:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/09 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/08 02:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/29 11:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\79B26CF3DE195F0DC8A22992491F0BD1
[2008/12/05 16:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\acccore
[2008/12/05 16:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Aim
[2010/06/01 16:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Atari
[2011/09/08 00:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\AVG2012
[2007/11/05 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\BitTorrent
[2010/04/19 00:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperMap
[2010/04/19 00:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperMap.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2010/04/19 01:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld
[2010/04/19 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1
[2010/04/19 00:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2011/09/02 02:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld2
[2011/08/16 04:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2011/09/02 02:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorld2Editor
[2010/01/05 18:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\CreeperWorldDEMO.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2011/05/30 23:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\DDMSettings
[2010/06/01 20:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\DNA
[2008/10/20 10:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\EATCAM
[2006/01/07 13:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Firaxis Games
[2010/09/09 14:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\GlarySoft
[2007/08/09 23:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\ijjigame
[2010/06/01 19:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\IObit
[2006/09/14 22:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Leadertech
[2010/05/11 20:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\LolClient
[2010/02/12 15:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011/05/02 20:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Mumble
[2009/11/09 14:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\My Games
[2007/07/26 10:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Nexon
[2010/11/20 16:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Onat
[2009/08/16 18:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\ooVoo Details
[2006/07/21 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Prevx
[2010/06/01 16:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\runic games
[2011/03/11 00:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\TeamViewer
[2007/09/21 20:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\TuneUp Software
[2011/09/07 14:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\uTorrent
[2010/11/20 14:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Wiby
[2008/09/26 22:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell Bonney\Application Data\Wizards of the Coast

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/20 19:57:50 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/09/07 14:15:39 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/09 01:18:19 | 000,016,729 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/04 00:06:01 | 000,000,061 | ---- | M] () -- C:\DVDPATH.TXT
[2011/09/09 14:14:30 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/16 19:19:49 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2011/09/08 20:48:19 | 000,001,940 | ---- | M] () -- C:\IPH.PH
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/27 14:59:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/09 14:14:29 | 947,912,703 | -HS- | M] () -- C:\pagefile.sys
[2011/09/08 15:38:37 | 000,000,495 | ---- | M] () -- C:\rapport.txt
[2011/09/07 21:56:07 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2005/11/14 15:40:38 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/09/08 14:32:49 | 000,050,696 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_08.09.2011_14.32.36_log.txt
[2011/09/08 15:35:34 | 000,049,784 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_08.09.2011_15.35.10_log.txt
[2011/09/08 22:33:10 | 000,058,088 | ---- | M] () -- C:\TDSSKiller.2.5.20.0_08.09.2011_22.08.22_log.txt
[2011/09/08 22:38:05 | 000,057,390 | ---- | M] () -- C:\TDSSKiller.2.5.20.0_08.09.2011_22.35.47_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 06:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/06/13 00:48:22 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlccPP5C.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/02/12 13:01:00 | 000,021,494 | ---- | M] () -- C:\Program Files\0x0409.ini
[2010/02/12 14:33:50 | 001,061,129 | ---- | M] () -- C:\Program Files\data1.cab
[2010/02/12 14:24:00 | 000,354,857 | ---- | M] () -- C:\Program Files\data1.hdr
[2010/02/12 15:10:16 | 680,456,660 | ---- | M] () -- C:\Program Files\data2.cab
[2010/02/12 14:28:45 | 000,576,000 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\ISSetup.dll
[2010/02/12 14:22:49 | 000,000,473 | ---- | M] () -- C:\Program Files\layout.bin
[2010/02/12 14:23:35 | 000,001,224 | ---- | M] () -- C:\Program Files\setup.ini
[2010/02/12 14:28:18 | 000,255,768 | ---- | M] () -- C:\Program Files\setup.inx
[2010/02/12 14:34:49 | 001,669,931 | ---- | M] () -- C:\Program Files\setup.isn
[2010/02/09 17:32:48 | 420,928,858 | ---- | M] (nDoors ) -- C:\Program Files\Setup_WK_100105.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 06:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 06:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 06:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/02/27 15:07:14 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/02/27 15:32:32 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/02/27 15:32:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/09/08 18:21:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\8psj55qf.exe
[2011/09/08 13:41:31 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Mitchell Bonney\Desktop\ATF_Cleaner.exe
[2011/09/08 00:22:26 | 003,894,928 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Mitchell Bonney\Desktop\avg_isct_stb_all_2012_1796.exe
[2011/09/09 01:05:22 | 004,201,277 | R--- | M] (Swearware) -- C:\Documents and Settings\Mitchell Bonney\Desktop\ComboFix.exe
[2011/09/08 14:25:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\HijackThis.exe
[2011/09/07 15:25:53 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\iExplore.exe
[2011/09/08 18:38:03 | 008,239,264 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\Install_AIM.exe
[2011/09/08 20:50:24 | 000,908,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\jre-6u27-windows-i586-iftw.exe
[2011/09/08 20:58:55 | 017,127,200 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mitchell Bonney\Desktop\jre-6u27-windows-i586-s.exe
[2011/09/08 15:55:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitchell Bonney\Desktop\OTL.exe
[2011/09/08 23:39:53 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\RKUnhookerLE.EXE
[2011/09/08 15:56:23 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\SecurityCheck.exe
[2011/09/08 22:08:21 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mitchell Bonney\Desktop\tdsskiller.exe
[2011/09/08 15:57:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitchell Bonney\Desktop\TFC.exe
[2011/09/07 16:33:29 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\unhide.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/02/27 15:32:32 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Mitchell Bonney\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/12 17:39:09 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >
[2010/09/15 18:11:27 | 000,000,016 | ---- | M] () -- C:\Program Files\Mozilla Firefox\dmlconf.dat

< %USERPROFILE%\Cookies\*.txt /x >
[2011/09/09 16:16:52 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Mitchell Bonney\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
========== Files Created - No Company Name ==========

[2011/09/09 18:42:00 | 103,272,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/08 23:40:02 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\RKUnhookerLE.EXE
[2011/09/08 20:45:22 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/09/08 18:22:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\8psj55qf.exe
[2011/09/08 15:56:10 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\SecurityCheck.exe
[2011/09/08 15:42:01 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/08 15:34:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/08 00:55:26 | 000,660,945 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/09/08 00:44:21 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/07 16:48:49 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2011/09/07 16:48:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/07 16:33:45 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\unhide.exe
[2011/09/07 15:25:40 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\iExplore.exe
[2011/09/07 15:21:39 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\rkill.com
[2011/09/04 18:27:43 | 000,003,859 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\z.blt
[2011/09/02 02:40:53 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Creeper World 2 Editor.lnk
[2011/09/02 02:40:53 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creeper World 2 Editor.lnk
[2011/09/02 02:38:18 | 013,606,725 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\CW2Editor-0314.air
[2011/09/02 02:35:51 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Creeper World 2.lnk
[2011/09/02 02:28:16 | 013,230,256 | ---- | C] () -- C:\Documents and Settings\Mitchell Bonney\Desktop\cw2PATCH-0307.air
[2011/08/16 04:02:26 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creeper World 2.lnk
[2011/06/01 13:01:46 | 000,091,244 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/30 23:00:18 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/05/30 23:00:18 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/20 18:39:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/20 18:39:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/20 18:39:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/20 18:39:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/20 18:39:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/01/26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/24 19:07:18 | 000,744,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/13 14:54:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sqego.dat
[2010/09/13 14:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ovahoqiwogijani.bin
[2010/09/06 18:39:41 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qYBlgRqT.dat
[2010/04/21 21:39:46 | 000,000,122 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/21 21:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/02/12 12:48:46 | 680,456,660 | ---- | C] () -- C:\Program Files\data2.cab
[2010/02/12 12:48:46 | 001,669,931 | ---- | C] () -- C:\Program Files\setup.isn
[2010/02/12 12:48:46 | 000,255,768 | ---- | C] () -- C:\Program Files\setup.inx
[2010/02/12 12:48:46 | 000,001,224 | ---- | C] () -- C:\Program Files\setup.ini
[2010/02/12 12:48:46 | 000,000,473 | ---- | C] () -- C:\Program Files\layout.bin
[2010/02/12 12:48:45 | 001,061,129 | ---- | C] () -- C:\Program Files\data1.cab
[2010/02/12 12:48:45 | 000,354,857 | ---- | C] () -- C:\Program Files\data1.hdr
[2010/02/12 12:48:45 | 000,021,494 | ---- | C] () -- C:\Program Files\0x0409.ini
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2010/01/11 23:40:05 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/13 14:48:06 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009/11/13 14:48:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/04/22 18:14:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/31 01:08:10 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0CBCF273F3.sys
[2009/03/18 14:41:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\HorizontalScroll.exe
[2009/03/09 23:23:21 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/03/09 23:23:21 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2007/11/20 07:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007/10/10 00:28:13 | 000,098,058 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2007/05/01 16:01:36 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32
 
Good news :)

I still need Extras.txt.

Firefox takes 1-3 full minutes to load / operate is the only thing I notice
Click to expand...
If you're using Firefox 3.x, close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, or higher go Help>Restart Firefox with Add-ons Disabled.
Same issue?
 
Broni said:
Good news :)

I still need Extras.txt.


If you're using Firefox 3.x, close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, or higher go Help>Restart Firefox with Add-ons Disabled.
Same issue?
Click to expand...

using 6.0.2

only have 5 addons running and they're flash / divx related.

Tried and only minimal change.


OTL Extras logfile created on: 9/8/2011 3:55:47 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Mitchell Bonney\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.77% Memory free
6.73 Gb Paging File | 5.86 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.31 Gb Total Space | 95.22 Gb Free Space | 32.47% Space Free | Partition Type: NTFS
Drive D: | 608.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KIT | User Name: Mitchell Bonney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57061:TCP" = 57061:TCP:*:Enabled:pando Media Booster
"57061:UDP" = 57061:UDP:*:Enabled:pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
"8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
"6897:TCP" = 6897:TCP:*:Enabled:League of Legends Launcher
"6897:UDP" = 6897:UDP:*:Enabled:League of Legends Launcher
"6974:TCP" = 6974:TCP:*:Enabled:League of Legends Launcher
"6974:UDP" = 6974:UDP:*:Enabled:League of Legends Launcher
"6936:TCP" = 6936:TCP:*:Enabled:League of Legends Launcher
"6936:UDP" = 6936:UDP:*:Enabled:League of Legends Launcher
"6941:TCP" = 6941:TCP:*:Enabled:League of Legends Launcher
"6941:UDP" = 6941:UDP:*:Enabled:League of Legends Launcher
"6909:TCP" = 6909:TCP:*:Enabled:League of Legends Launcher
"6909:UDP" = 6909:UDP:*:Enabled:League of Legends Launcher
"6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher
"6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher
"6934:TCP" = 6934:TCP:*:Enabled:League of Legends Launcher
"6934:UDP" = 6934:UDP:*:Enabled:League of Legends Launcher
"6881:TCP" = 6881:TCP:*:Enabled:League of Legends Launcher
"6881:UDP" = 6881:UDP:*:Enabled:League of Legends Launcher
"8383:TCP" = 8383:TCP:*:Enabled:League of Legends Launcher
"8383:UDP" = 8383:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6924:TCP" = 6924:TCP:*:Enabled:League of Legends Launcher
"6924:UDP" = 6924:UDP:*:Enabled:League of Legends Launcher
"57061:TCP" = 57061:TCP:*:Enabled:pando Media Booster
"57061:UDP" = 57061:UDP:*:Enabled:pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AOL Instant Messenger -- (AOL Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Steam\steamapps\common\hoard\win32\Reuben.exe" = C:\Program Files\Steam\steamapps\common\hoard\win32\Reuben.exe:*:Enabled:HOARD -- ()
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\DragonNest\DragonNest.exe" = C:\Nexon\DragonNest\DragonNest.exe:*:Enabled:Dragon Nest -- ()
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09F4655B-C804-4AD0-B7DF-078E338F8F85}" = League of Legends
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F8F3415-CB0A-49A6-A23A-D8390444B127}" = DeadAIM
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{62C81505-65E8-BBFF-5A9B-23958770F694}" = BannedStory
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{76B55683-1A17-CB8B-B1C4-A0A3F3C2D2D5}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7952E339-4EFE-33EB-1E4B-942F02DB7FCC}" = Creeper World
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}" = Microsoft Baseline Security Analyzer 2.0
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6CCAEF5-F141-4BBE-A6DA-EA8A8362C7A6}" = MapleStory
"{A819907C-5912-4471-91D7-D94885A2C40B}" = AVG 2012
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B09B47DC-8775-9A6D-C482-1265E615E87D}" = Creeper World DEMO
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C47311FF-4C46-C14C-71AA-B12D7251A7C6}" = Creeper World 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF98260-1FE9-4CEC-ACE7-88EE3158F23C}" = AVG 2012
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D4867EBA-B0AC-AE72-B0E1-8371A88E0542}" = Creeper World 2 Editor
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEDBE2DF-4141-44A9-8614-9832B16637E6}" = Mouse Suite
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C65A7E-B87E-78A4-DD8F-142D785D512F}" = Creeper World
"{F94CFF0E-600E-4E1C-A0A5-5053C1816A9F}" = League of Legends
"{FA2CAF30-062F-8B00-86B9-46840A81802F}" = Creeper World Map Editor
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AOL Instant Messenger" = AOL Instant Messenger
"AstroPop Deluxe 1.1" = AstroPop Deluxe 1.1
"AVG" = AVG 2012
"BannedStory1.60 Updates" = BannedStory
"bs.BannedStory.B138736892407FF2891DACB3EC40AB4373DCB810.1" = BannedStory 3.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack" = Combined Community Codec Pack 2006-07-28 (Remove Only)
"CreeperMap.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World Map Editor
"CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1" = Creeper World
"CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World
"CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World 2
"CreeperWorld2Editor" = Creeper World 2 Editor
"CreeperWorldDEMO.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World DEMO
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"DivX Setup.divx.com" = DivX Setup
"DragonNest" = DragonNest
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Gigaware Gigaware Optical Mouse Driver" = Gigaware Optical Mouse Driver 4.06
"Gmask 1.70 English" = Gmask 1.70 English
"ie8" = Windows Internet Explorer 8
"Iggle Pop Deluxe 1.0" = Iggle Pop Deluxe 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"P16x Audio UG" = Audio User's Guide
"Peggle Nights" = Peggle Nights
"Plants vs. Zombies" = Plants vs. Zombies
"PlayFLV" = PlayFLV
"Postal 2_is1" = Portal 2
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"ST6UNST #1" = Hero Editor V0.96
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 400" = Portal
"Steam App 63000" = HOARD
"Talismania Deluxe 1.1" = Talismania Deluxe 1.1
"TeamViewer 6" = TeamViewer 6
"TightVNC_is1" = TightVNC 1.3.9
"Total Annihilation" = Total Annihilation
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Water Bugs 1.15" = Water Bugs 1.15
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"090215de958f1060" = Curse Client
"309a46b1dc89b774" = Dell Driver Download Manager
"BitTorrent DNA" = DNA
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2011 3:43:34 PM | Computer Name = KIT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2011 3:43:34 PM | Computer Name = KIT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2011 3:43:34 PM | Computer Name = KIT | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {41ECDB40-7AE2-4178-8492-8CC39BA61E1D} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
hr = 80040206: Failed to CoCreate EventSystem objec

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {42E138AC-A79E-4A06-8A38-BBF8B3266A4E} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

[ Media Center Events ]
Error - 11/4/2007 9:41:49 AM | Computer Name = KIT | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/4/2007 8:41:49 AM. You may need to reschedule your recordings.

Error - 11/4/2007 9:41:49 AM | Computer Name = KIT | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/4/2007 8:41:49 AM. You may need to reschedule your recordings.

[ System Events ]
Error - 9/8/2011 3:43:34 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:34 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:34 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:35 PM | Computer Name = KIT | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:45 PM | Computer Name = KIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2011 3:43:47 PM | Computer Name = KIT | Source = Service Control Manager | ID = 7034
Description = The COM+ System Application service terminated unexpectedly. It has
done this 3 time(s).


< End of report >
 
AVG may be slowing your Firefox startup.
Restart computer in Safe Mode with Networking and see how FF does there.

===================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O3 - HKU\S-1-5-21-1463401446-3382454345-1865732347-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
[2009/03/31 01:08:10 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0CBCF273F3.sys
[2006/05/15 01:57:47 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A04A56DF81.sys
[2011/09/09 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 

Similar threads

S
Microsoft's October Windows 11 update adds AI shortcuts, tighter security, and a more unified Settings app
Replies
15
Views
385
ScottSoapbox
S
Daniel Sims
Ex-Windows developer, Task Manager creator says Windows 11 needs an XP Service Pack 2 moment
Replies
16
Views
190
Rapob
R
S
Windows 11 25H2 enters release preview with stable, incremental changes
Replies
4
Views
257
Win7User
W

Latest posts

Back