Solved Google redirect virus

tameus1

Hello, I believe I have a Google redirect virus affecting my computer. A few notes...
1. Safe mode will not load; it just reboots.
2. Google gets redirected; Yahoo does at random times.
Thanks in advance.

MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
user :: TAMEUS [administrator]

7/9/2012 7:15:52 PM
mbam-log-2012-07-09 (19-15-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243066
Time elapsed: 19 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{51e41825-a513-84a7-8932-86398a66071f}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)

GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-09 19:11:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000032 Hitachi_HDS721680PLA380 rev.P21OABEA
Running: 2kzgxo6y.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwtdipow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Devices - GMER 1.0.15 ----

Device \Device\00000071 -> \??\IDE#DiskHitachi_HDS721680PLA380_________________P21OABEA#202020202020565038463430335A475538584E4A#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29
Run by user at 19:13:06 on 2012-07-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.677 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
"C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
"C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www.yahoo.com/?.home=ytie
mStart Page = hxxp://www.yahoo.com/?.home=ytie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [EPSON WorkForce 435 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihra.exe /fu "c:\docume~1\user\locals~1\temp\E_SFC.tmp" /EF "HKCU"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [Adobe] rundll32.exe "c:\documents and settings\user\local settings\application data\ahead\adobe\sntgqwvip.dll",CreateInstance
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wna3100\WNA3100.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301776445218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{438FB883-A8D6-4C2F-90DC-8821C3C87A0B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B3BA2CA1-666E-467E-A7FA-CC11D685D771} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CE2642E7-A62D-4365-8734-B5229C2666AC} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks pro\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\hiaqg9mz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://login.secureserver.net/index.php?app=wbe&logout=1|https://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\hiaqg9mz.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 Ext2FS;Ext2FS;c:\windows\system32\drivers\ext2fs.sys [2009-10-1 37840]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-3-17 513408]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-12-7 285152]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-12-7 642432]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-1 253600]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-10-18 17149]
S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [2001-7-13 1745168]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-25 113120]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-12-7 50704]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-25 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-25 121576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-08 19:56:21 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c783904-ab2e-4133-b750-cb4fa49057f9}\mpengine.dll
2012-07-08 19:50:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-08 00:26:43 -------- d-----w- c:\windows\pss
2012-07-07 21:40:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 04:21:27 -------- d-----w- c:\program files\CCleaner
2012-06-25 23:05:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-17 06:23:17 -------- d-----w- c:\documents and settings\user\ZipForm
.
==================== Find3M ====================
.
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-02 04:27:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-02 04:27:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDS721680PLA380 rev.P21OABEA -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF524B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8af5993c]; MOV EAX, [0x8af59ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8B052AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000072[0x8B01BAC0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8AFF9030]
\Driver\nvata[0x8AFDDF38] -> IRP_MJ_CREATE -> 0x8AF524B1
error: Read Incorrect function.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000071 -> \??\IDE#DiskHitachi_HDS721680PLA380_________________P21OABEA#202020202020565038463430335A475538584E4A#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:14:41.93 ===============
ATTACH log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2007 1:18:47 PM
System Uptime: 7/9/2012 6:54:14 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 20.347 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
Z: - No root directory. Drive type could not be determined.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: 8500 A909g,192.168.1.3
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP855: 6/8/2012 10:50:56 PM - Software Distribution Service 3.0
RP856: 6/9/2012 10:19:55 PM - Software Distribution Service 3.0
RP857: 6/9/2012 11:45:28 PM - Software Distribution Service 3.0
RP858: 6/10/2012 2:12:32 PM - Software Distribution Service 3.0
RP859: 6/10/2012 4:13:57 PM - Software Distribution Service 3.0
RP860: 6/11/2012 3:00:16 AM - Software Distribution Service 3.0
RP861: 6/11/2012 8:57:24 PM - Software Distribution Service 3.0
RP862: 6/11/2012 9:05:20 PM - Software Distribution Service 3.0
RP863: 6/11/2012 11:19:44 PM - Software Distribution Service 3.0
RP864: 6/12/2012 11:38:09 PM - Software Distribution Service 3.0
RP865: 6/13/2012 5:36:26 PM - Software Distribution Service 3.0
RP866: 6/13/2012 11:58:27 PM - Software Distribution Service 3.0
RP867: 6/15/2012 12:21:07 AM - System Checkpoint
RP868: 6/15/2012 3:00:23 AM - Software Distribution Service 3.0
RP869: 6/16/2012 3:00:21 AM - Software Distribution Service 3.0
RP870: 6/16/2012 5:16:24 PM - Software Distribution Service 3.0
RP871: 6/17/2012 12:42:20 AM - Software Distribution Service 3.0
RP872: 6/17/2012 8:12:26 PM - Software Distribution Service 3.0
RP873: 6/18/2012 1:01:06 AM - Software Distribution Service 3.0
RP874: 6/18/2012 11:33:10 PM - Software Distribution Service 3.0
RP875: 6/19/2012 6:55:24 PM - Software Distribution Service 3.0
RP876: 6/19/2012 11:26:39 PM - Software Distribution Service 3.0
RP877: 6/20/2012 9:45:52 PM - Software Distribution Service 3.0
RP878: 6/21/2012 12:38:07 AM - Software Distribution Service 3.0
RP879: 6/22/2012 8:42:49 PM - Software Distribution Service 3.0
RP880: 6/22/2012 11:07:03 PM - Software Distribution Service 3.0
RP881: 6/23/2012 9:14:20 PM - Software Distribution Service 3.0
RP882: 6/24/2012 1:47:45 PM - Software Distribution Service 3.0
RP883: 6/24/2012 11:38:22 PM - Software Distribution Service 3.0
RP884: 6/25/2012 11:17:49 AM - Software Distribution Service 3.0
RP885: 6/25/2012 7:59:14 PM - Software Distribution Service 3.0
RP886: 6/26/2012 3:00:18 AM - Software Distribution Service 3.0
RP887: 6/26/2012 7:53:54 PM - Software Distribution Service 3.0
RP888: 6/27/2012 10:24:04 PM - Software Distribution Service 3.0
RP889: 6/28/2012 3:00:24 AM - Software Distribution Service 3.0
RP890: 6/28/2012 8:15:27 PM - Software Distribution Service 3.0
RP891: 6/29/2012 3:00:15 AM - Software Distribution Service 3.0
RP892: 7/1/2012 1:01:34 PM - Software Distribution Service 3.0
RP893: 7/1/2012 1:11:28 PM - Software Distribution Service 3.0
RP894: 7/1/2012 3:45:35 PM - Software Distribution Service 3.0
RP895: 7/1/2012 3:55:19 PM - Software Distribution Service 3.0
RP896: 7/2/2012 6:37:18 PM - Software Distribution Service 3.0
RP897: 7/2/2012 11:56:57 PM - Software Distribution Service 3.0
RP898: 7/4/2012 1:28:09 AM - Software Distribution Service 3.0
RP899: 7/4/2012 12:51:48 PM - Software Distribution Service 3.0
RP900: 7/4/2012 3:35:31 PM - Software Distribution Service 3.0
RP901: 7/5/2012 12:43:40 AM - Software Distribution Service 3.0
RP902: 7/6/2012 12:32:45 AM - Software Distribution Service 3.0
RP903: 7/6/2012 1:42:54 AM - Software Distribution Service 3.0
RP904: 7/6/2012 6:51:09 PM - Software Distribution Service 3.0
RP905: 7/6/2012 10:19:41 PM - Software Distribution Service 3.0
RP906: 7/6/2012 11:38:41 PM - Software Distribution Service 3.0
RP907: 7/7/2012 9:42:02 AM - Software Distribution Service 3.0
RP908: 7/7/2012 9:59:20 AM - Software Distribution Service 3.0
RP909: 7/8/2012 12:29:54 AM - Software Distribution Service 3.0
RP910: 7/8/2012 12:06:38 PM - Software Distribution Service 3.0
RP911: 7/8/2012 12:33:09 PM - Removed Microsoft Silverlight
RP912: 7/8/2012 12:33:57 PM - Removed The Witcher
RP913: 7/8/2012 12:35:12 PM - Software Distribution Service 3.0
RP914: 7/9/2012 5:50:49 PM - System Checkpoint
RP915: 7/9/2012 6:43:59 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Amazon Software Downloader
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Creative Software AutoUpdate
Creative System Information
DivX Content Uploader
DivX Web Player
DocProc
Epson Connect
Epson Customer Participation
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 435 Series Printer Uninstall
EpsonNet Print
ESET Online Scanner v3
FINAL FANTASY XIV
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HPSSupply
InfraRecorder
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Kies mini
Magic DVD Ripper V5.5.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 en-US)
MPM
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero OEM
Nero Toolbar Updater
Nero Update
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
NETGEAR WNA3100 wireless USB 2.0 adapter
Network
NVDVD
NVIDIA Drivers
NVIDIA PhysX v8.10.13
OCCT Perestroika 2.0.1
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
PrimoPDF -- brought to you by Nitro PDF Software
ProductContext
QuickBooks
QuickBooks Premier: Retail Edition 2008
QuickBooks Pro 2009
QuickTime
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
Skype™ 5.5
Sound Blaster X-Fi
Spybot - Search & Destroy
SupportSoft Assisted Service
Toolbox
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 wcalbpm
TurboTax 2008 wcasbpm
TurboTax 2008 whiiper
TurboTax 2008 WinBizFedFormset
TurboTax 2008 WinBizProgramHelp
TurboTax 2008 WinBizReleaseEngine
TurboTax 2008 WinBizTaxSupport
TurboTax 2008 WinBizUserEducation
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 wcalbpm
TurboTax 2009 wcasbpm
TurboTax 2009 whiiper
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 wcalbpm
TurboTax 2010 wcasbpm
TurboTax 2010 whiiper
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 wcasbpm
TurboTax 2011 whiiper
TurboTax 2011 WinBizFedFormset
TurboTax 2011 WinBizReleaseEngine
TurboTax 2011 WinBizTaxSupport
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Business 2007
TurboTax Business 2008
TurboTax Business 2009
TurboTax Business 2010
TurboTax Business 2011
TurboTax Deluxe 2007
TurboTax Home & Business 2007
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 6:56:22 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9ef28cd, parameter3 9d07d2cc, parameter4 00000000.
7/9/2012 3:34:35 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/8/2012 12:53:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/8/2012 12:53:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/7/2012 9:39:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
7/7/2012 9:39:05 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/7/2012 9:37:03 AM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.129.1102.0;1.129.1102.0 Engine version: 1.1.8502.0
7/7/2012 5:23:11 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
7/7/2012 4:47:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus SASKUTIL
7/7/2012 12:52:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
7/6/2012 6:54:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
7/6/2012 6:54:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
7/6/2012 6:50:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
7/6/2012 6:49:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
7/6/2012 6:49:44 PM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/6/2012 5:05:07 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
7/6/2012 12:22:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/6/2012 12:22:30 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/6/2012 11:22:48 PM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: %%16389
7/6/2012 10:16:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSWNA3100 service.
7/6/2012 10:14:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMDM PMSP Service service to connect.
7/6/2012 10:14:35 PM, error: Service Control Manager [7000] - The WMDM PMSP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/6/2012 10:14:35 PM, error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the file specified.
7/3/2012 10:37:25 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==============================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller will not run, computer just reboots. Renamed to winlogon.exe and had same result.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-09 21:10:39
-----------------------------
21:10:39.578 OS Version: Windows 5.1.2600 Service Pack 3
21:10:39.578 Number of processors: 2 586 0xF0B
21:10:39.578 ComputerName: TAMEUS UserName: user
21:10:42.125 Initialize success
21:22:31.968 AVAST engine defs: 12070901
21:22:42.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
21:22:42.546 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OABEA Size: 76319MB BusType: 3
21:22:42.546 Device \Device\00000071 -> \??\IDE#DiskHitachi_HDS721680PLA380_________________P21OABEA#202020202020565038463430335A475538584E4A#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
21:22:42.546 Disk 0 MBR read error 0
21:22:42.546 Disk 0 MBR scan
21:22:42.609 Disk 0 unknown MBR code
21:22:42.609 MBR BIOS signature not found 0
21:22:42.609 Disk 0 scanning sectors +156280320
21:22:42.671 Disk 0 scanning C:\WINDOWS\system32\drivers
21:22:59.593 Service scanning
21:23:25.593 Modules scanning
21:23:50.250 Disk 0 trace - called modules:
21:23:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8af4e4b1]<<
21:23:50.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b052ab8]
21:23:50.250 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b01bac0]
21:23:50.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aff9030]
21:23:50.250 \Driver\nvata[0x8b08ee30] -> IRP_MJ_CREATE -> 0x8af4e4b1
21:23:51.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
21:23:51.437 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
21:23:52.500 AVAST engine scan C:\WINDOWS
21:24:01.796 AVAST engine scan C:\WINDOWS\system32
21:27:37.671 AVAST engine scan C:\WINDOWS\system32\drivers
21:28:00.906 AVAST engine scan C:\Documents and Settings\user
21:33:54.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
21:33:54.656 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
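The disk-trace section of the aswMBR log above is where the evidence sits: the boot code is not one aswMBR recognises, the disk I/O call chain ends in code that belongs to no loaded module (`>>UNKNOWN [0x8af4e4b1]<<`), and `\Driver\nvata`'s `IRP_MJ_CREATE` dispatch points at that same address. As an added example, not part of this thread or of aswMBR, here is a small parser that pulls those three indicators out of an aswMBR log and correlates them; the sample log is constructed from the lines posted above.

```python
"""Flag the rootkit-style indicators in an aswMBR log.

Added example for this thread; not part of aswMBR or of any post here.
SAMPLE_LOG is constructed from the disk-trace lines in the log above.
"""
import re

# Constructed sample: the relevant lines of the aswMBR log posted above.
SAMPLE_LOG = r"""
21:22:42.546 Disk 0 MBR read error 0
21:22:42.546 Disk 0 MBR scan
21:22:42.609 Disk 0 unknown MBR code
21:22:42.609 MBR BIOS signature not found 0
21:23:50.250 Disk 0 trace - called modules:
21:23:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8af4e4b1]<<
21:23:50.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b052ab8]
21:23:50.250 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b01bac0]
21:23:50.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aff9030]
21:23:50.250 \Driver\nvata[0x8b08ee30] -> IRP_MJ_CREATE -> 0x8af4e4b1
"""

# Leading "HH:MM:SS.mmm " timestamp that every aswMBR line carries.
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
# Code in the disk I/O path that aswMBR cannot attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# A driver object's IRP dispatch entry and the address it points to.
HOOK_RE = re.compile(
    r"\\Driver\\(\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)
# MBR lines that mean the boot code did not match aswMBR's known-good table.
MBR_MARKERS = ("unknown MBR code", "MBR BIOS signature not found")


def parse_aswmbr(text):
    """Collect the three indicator types from raw aswMBR log text."""
    report = {"mbr": [], "unknown_modules": [], "dispatch_hooks": []}
    for raw in text.splitlines():
        line = TS_RE.sub("", raw.strip())
        if any(marker in line for marker in MBR_MARKERS):
            report["mbr"].append(line)
        m = UNKNOWN_RE.search(line)
        if m:
            report["unknown_modules"].append(m.group(1).lower())
        m = HOOK_RE.search(line)
        if m:
            report["dispatch_hooks"].append(
                (m.group(1), m.group(2), m.group(3).lower())
            )
    return report


def assess(report):
    """Turn the parsed indicators into findings, strongest evidence last.

    A non-standard MBR on its own is weak (OEM boot loaders trigger it too);
    a dispatch entry pointing into unattributed code is the strong signal.
    """
    findings = []
    for line in report["mbr"]:
        findings.append(
            f"MBR: {line} (boot code not in aswMBR's known table; not "
            "conclusive alone, compare MBR.dat with a known-good copy)"
        )
    for addr in report["unknown_modules"]:
        findings.append(
            f"disk I/O path runs through code at {addr} that belongs to "
            "no loaded module"
        )
    for drv, irp, target in report["dispatch_hooks"]:
        if target in report["unknown_modules"]:
            where = "the unattributed code above"
        else:
            where = "another module"
        findings.append(
            f"\\Driver\\{drv} {irp} dispatch points to {target} ({where})"
        )
    return findings


if __name__ == "__main__":
    for finding in assess(parse_aswmbr(SAMPLE_LOG)):
        print("-", finding)
```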
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
19:22:38.0510 4772 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
19:22:39.0026 4772 ============================================================
19:22:39.0026 4772 Current date / time: 2012/07/10 19:22:39.0026
19:22:39.0026 4772 SystemInfo:
19:22:39.0026 4772
19:22:39.0026 4772 OS Version: 5.1.2600 ServicePack: 3.0
19:22:39.0026 4772 Product type: Workstation
19:22:39.0026 4772 ComputerName: TAMEUS
19:22:39.0026 4772 UserName: user
19:22:39.0026 4772 Windows directory: C:\WINDOWS
19:22:39.0026 4772 System windows directory: C:\WINDOWS
19:22:39.0026 4772 Processor architecture: Intel x86
19:22:39.0026 4772 Number of processors: 2
19:22:39.0026 4772 Page size: 0x1000
19:22:39.0026 4772 Boot type: Normal boot
19:22:39.0026 4772 ============================================================
19:22:43.0651 4772 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:22:43.0698 4772 ============================================================
19:22:43.0713 4772 \Device\Harddisk0\DR0:
19:22:43.0713 4772 MBR partitions:
19:22:43.0713 4772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
19:22:43.0713 4772 ============================================================
19:22:43.0791 4772 C: <-> \Device\Harddisk0\DR0\Partition0
19:22:44.0151 4772 ============================================================
19:22:44.0151 4772 Initialize success
19:22:44.0151 4772 ============================================================
19:22:58.0573 5748 ============================================================
19:22:58.0573 5748 Scan started
19:22:58.0573 5748 Mode: Manual;
19:22:58.0573 5748 ============================================================
19:23:07.0854 5748 Abiosdsk - ok
19:23:07.0854 5748 abp480n5 - ok
19:23:08.0182 5748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:23:08.0229 5748 ACPI - ok
19:23:08.0323 5748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:23:08.0323 5748 ACPIEC - ok
19:23:08.0541 5748 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:23:08.0557 5748 AdobeFlashPlayerUpdateSvc - ok
19:23:08.0557 5748 adpu160m - ok
19:23:08.0588 5748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:23:08.0588 5748 aec - ok
19:23:08.0635 5748 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:23:08.0635 5748 AegisP - ok
19:23:08.0745 5748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:23:08.0745 5748 AFD - ok
19:23:08.0745 5748 Aha154x - ok
19:23:08.0760 5748 aic78u2 - ok
19:23:08.0760 5748 aic78xx - ok
19:23:08.0791 5748 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:23:08.0807 5748 Alerter - ok
19:23:08.0838 5748 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:23:08.0838 5748 ALG - ok
19:23:08.0838 5748 AliIde - ok
19:23:08.0838 5748 amsint - ok
19:23:08.0979 5748 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:23:08.0979 5748 Apple Mobile Device - ok
19:23:09.0026 5748 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:23:09.0026 5748 AppMgmt - ok
19:23:09.0120 5748 AR5523 (92637b97f57c1669d521a54482c4579c) C:\WINDOWS\system32\DRIVERS\WG11TND5.sys
19:23:09.0120 5748 AR5523 - ok
19:23:09.0166 5748 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:23:09.0166 5748 Arp1394 - ok
19:23:09.0166 5748 asc - ok
19:23:09.0166 5748 asc3350p - ok
19:23:09.0166 5748 asc3550 - ok
19:23:09.0479 5748 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:23:09.0526 5748 aspnet_state - ok
19:23:09.0557 5748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:23:09.0573 5748 AsyncMac - ok
19:23:09.0651 5748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:23:09.0651 5748 atapi - ok
19:23:09.0651 5748 Atdisk - ok
19:23:09.0729 5748 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:23:09.0729 5748 atksgt - ok
19:23:09.0963 5748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:23:09.0963 5748 Atmarpc - ok
19:23:09.0995 5748 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:23:09.0995 5748 AudioSrv - ok
19:23:10.0026 5748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:23:10.0026 5748 audstub - ok
19:23:10.0166 5748 BCMH43XX (b770039886598aab7cf5eaeec2409e31) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
19:23:10.0166 5748 BCMH43XX - ok
19:23:10.0198 5748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:23:10.0198 5748 Beep - ok
19:23:10.0245 5748 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:23:10.0354 5748 BITS - ok
19:23:10.0557 5748 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:23:10.0557 5748 Bonjour Service - ok
19:23:10.0604 5748 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:23:10.0604 5748 Browser - ok
19:23:10.0682 5748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:23:10.0682 5748 cbidf2k - ok
19:23:10.0682 5748 cd20xrnt - ok
19:23:10.0713 5748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:23:10.0713 5748 Cdaudio - ok
19:23:10.0745 5748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:23:10.0745 5748 Cdfs - ok
19:23:10.0760 5748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:23:10.0760 5748 Cdrom - ok
19:23:10.0760 5748 Changer - ok
19:23:10.0776 5748 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:23:10.0776 5748 CiSvc - ok
19:23:10.0776 5748 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:23:10.0791 5748 ClipSrv - ok
19:23:10.0948 5748 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:11.0010 5748 clr_optimization_v2.0.50727_32 - ok
19:23:11.0057 5748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:23:11.0057 5748 clr_optimization_v4.0.30319_32 - ok
19:23:11.0057 5748 CmdIde - ok
19:23:11.0057 5748 COMSysApp - ok
19:23:11.0073 5748 Cpqarray - ok
19:23:11.0104 5748 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:23:11.0104 5748 CryptSvc - ok
19:23:11.0182 5748 ctac32k (04a43d6b00bf09b2d5cffcd3c5790741) C:\WINDOWS\system32\drivers\ctac32k.sys
19:23:11.0182 5748 ctac32k - ok
19:23:11.0213 5748 ctaud2k (f501738d0bf4de69f7307109efa0246c) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:23:11.0229 5748 ctaud2k - ok
19:23:11.0291 5748 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:23:11.0291 5748 ctdvda2k - ok
19:23:11.0338 5748 ctprxy2k (e3aad66077b2594503ab11a31c3d2e7d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:23:11.0338 5748 ctprxy2k - ok
19:23:11.0370 5748 ctsfm2k (72c73af1a60321d7e3aaa61859a32f0b) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:23:11.0370 5748 ctsfm2k - ok
19:23:11.0370 5748 dac2w2k - ok
19:23:11.0370 5748 dac960nt - ok
19:23:11.0432 5748 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:23:11.0448 5748 DcomLaunch - ok
19:23:11.0495 5748 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:23:11.0510 5748 Dhcp - ok
19:23:11.0541 5748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:23:11.0541 5748 Disk - ok
19:23:11.0557 5748 dmadmin - ok
19:23:11.0588 5748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:23:11.0588 5748 dmboot - ok
19:23:11.0620 5748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:23:11.0620 5748 dmio - ok
19:23:11.0635 5748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:23:11.0635 5748 dmload - ok
19:23:11.0666 5748 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:23:11.0666 5748 dmserver - ok
19:23:11.0666 5748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:23:11.0666 5748 DMusic - ok
19:23:11.0698 5748 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
19:23:11.0698 5748 DNINDIS5 - ok
19:23:11.0729 5748 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:23:11.0729 5748 Dnscache - ok
19:23:11.0776 5748 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:23:11.0776 5748 Dot3svc - ok
19:23:11.0776 5748 dpti2o - ok
19:23:11.0838 5748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:23:11.0838 5748 drmkaud - ok
19:23:11.0870 5748 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:23:11.0870 5748 EapHost - ok
19:23:11.0932 5748 emu10kx (d861ba9d8a688320daeee8e03129f1c1) C:\WINDOWS\system32\drivers\e10kx2k.sys
19:23:11.0963 5748 emu10kx - ok
19:23:12.0057 5748 emupia (bb1d92ac27b6129d3bef215c5a1b9a84) C:\WINDOWS\system32\drivers\emupia2k.sys
19:23:12.0057 5748 emupia - ok
19:23:12.0088 5748 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
19:23:12.0088 5748 ENTECH - ok
19:23:12.0166 5748 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
19:23:12.0182 5748 EpsonBidirectionalService - ok
19:23:12.0229 5748 EpsonCustomerParticipation (cf5dd6219185b18f7f8d8ce0142fd13f) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
19:23:12.0245 5748 EpsonCustomerParticipation - ok
19:23:12.0354 5748 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:23:12.0385 5748 ERSvc - ok
19:23:12.0463 5748 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:23:12.0463 5748 Eventlog - ok
19:23:12.0698 5748 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:23:12.0791 5748 EventSystem - ok
19:23:12.0870 5748 Ext2FS (013d5f2774a2173a4f1cb00a68a812c1) C:\WINDOWS\system32\drivers\Ext2FS.sys
19:23:12.0870 5748 Ext2FS - ok
19:23:12.0916 5748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:23:12.0932 5748 Fastfat - ok
19:23:12.0932 5748 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:23:12.0932 5748 FastUserSwitchingCompatibility - ok
19:23:12.0948 5748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:23:12.0948 5748 Fdc - ok
19:23:12.0948 5748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:23:12.0948 5748 Fips - ok
19:23:12.0963 5748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:23:12.0963 5748 Flpydisk - ok
19:23:13.0026 5748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:23:13.0026 5748 FltMgr - ok
19:23:13.0385 5748 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:23:13.0416 5748 FontCache3.0.0.0 - ok
19:23:13.0479 5748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:23:13.0479 5748 Fs_Rec - ok
19:23:13.0604 5748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:23:13.0651 5748 Ftdisk - ok
19:23:13.0666 5748 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:23:13.0666 5748 gameenum - ok
19:23:13.0838 5748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:23:13.0838 5748 GEARAspiWDM - ok
19:23:13.0901 5748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:23:13.0901 5748 Gpc - ok
19:23:14.0198 5748 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:23:14.0198 5748 gupdate - ok
19:23:14.0198 5748 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:23:14.0198 5748 gupdatem - ok
19:23:14.0260 5748 ha20x2k (b70a5f66a5505da65e54a4c2bab4c78f) C:\WINDOWS\system32\drivers\ha20x2k.sys
19:23:14.0260 5748 ha20x2k - ok
19:23:14.0354 5748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:23:14.0354 5748 HDAudBus - ok
19:23:14.0588 5748 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:23:14.0635 5748 helpsvc - ok
19:23:14.0635 5748 HidServ - ok
19:23:14.0760 5748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:23:14.0760 5748 HidUsb - ok
19:23:14.0885 5748 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:23:14.0885 5748 hkmsvc - ok
19:23:14.0885 5748 hpn - ok
19:23:15.0245 5748 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
19:23:15.0354 5748 HPSLPSVC - ok
19:23:15.0495 5748 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:23:15.0510 5748 HPZid412 - ok
19:23:15.0588 5748 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:23:15.0588 5748 HPZipr12 - ok
19:23:15.0651 5748 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:23:15.0651 5748 HPZius12 - ok
19:23:15.0870 5748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:23:15.0901 5748 HTTP - ok
19:23:15.0995 5748 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:23:15.0995 5748 HTTPFilter - ok
19:23:15.0995 5748 i2omgmt - ok
19:23:16.0010 5748 i2omp - ok
19:23:16.0073 5748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:23:16.0073 5748 i8042prt - ok
19:23:16.0713 5748 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:23:16.0838 5748 idsvc - ok
19:23:16.0932 5748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:23:16.0932 5748 Imapi - ok
19:23:16.0963 5748 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:23:16.0963 5748 ImapiService - ok
19:23:16.0979 5748 ini910u - ok
19:23:18.0198 5748 IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:23:19.0073 5748 IntcAzAudAddService - ok
19:23:19.0370 5748 IntelIde - ok
19:23:19.0526 5748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:23:19.0526 5748 intelppm - ok
19:23:19.0776 5748 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
19:23:19.0776 5748 IntuitUpdateService - ok
19:23:19.0838 5748 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:23:19.0838 5748 IntuitUpdateServiceV4 - ok
19:23:19.0932 5748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:23:19.0948 5748 Ip6Fw - ok
19:23:20.0057 5748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:23:20.0057 5748 IpFilterDriver - ok
19:23:20.0088 5748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:23:20.0088 5748 IpInIp - ok
19:23:20.0104 5748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:23:20.0104 5748 IpNat - ok
19:23:20.0682 5748 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
19:23:20.0682 5748 iPod Service - ok
19:23:20.0713 5748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:23:20.0713 5748 IPSec - ok
19:23:20.0729 5748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:23:20.0729 5748 IRENUM - ok
19:23:20.0776 5748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:23:20.0807 5748 isapnp - ok
19:23:20.0979 5748 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
19:23:20.0979 5748 JavaQuickStarterService - ok
19:23:21.0041 5748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:23:21.0041 5748 Kbdclass - ok
19:23:21.0073 5748 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:23:21.0073 5748 kbdhid - ok
19:23:21.0088 5748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:23:21.0104 5748 kmixer - ok
19:23:21.0120 5748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:23:21.0135 5748 KSecDD - ok
19:23:21.0198 5748 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:23:21.0198 5748 lanmanserver - ok
19:23:21.0307 5748 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:23:21.0307 5748 lanmanworkstation - ok
19:23:21.0307 5748 lbrtfdc - ok
19:23:21.0370 5748 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:23:21.0370 5748 lirsgt - ok
19:23:21.0463 5748 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:23:21.0479 5748 LmHosts - ok
19:23:21.0526 5748 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:23:21.0557 5748 Messenger - ok
19:23:21.0588 5748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:23:21.0604 5748 mnmdd - ok
19:23:21.0635 5748 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:23:21.0635 5748 mnmsrvc - ok
19:23:21.0698 5748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:23:21.0698 5748 Modem - ok
19:23:21.0729 5748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:23:21.0729 5748 Mouclass - ok
19:23:21.0791 5748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:23:21.0791 5748 mouhid - ok
19:23:21.0823 5748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:23:21.0823 5748 MountMgr - ok
19:23:21.0854 5748 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:23:21.0854 5748 MozillaMaintenance - ok
19:23:21.0901 5748 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:23:21.0916 5748 MpFilter - ok
19:23:21.0916 5748 mraid35x - ok
19:23:21.0948 5748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:23:21.0948 5748 MRxDAV - ok
19:23:22.0073 5748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:23:22.0073 5748 MRxSmb - ok
19:23:22.0135 5748 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:23:22.0135 5748 MSDTC - ok
19:23:22.0198 5748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:23:22.0198 5748 Msfs - ok
19:23:22.0198 5748 MSIServer - ok
19:23:22.0245 5748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:23:22.0245 5748 MSKSSRV - ok
19:23:22.0245 5748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:23:22.0245 5748 MSPCLOCK - ok
19:23:22.0245 5748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:23:22.0245 5748 MSPQM - ok
19:23:22.0291 5748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:23:22.0291 5748 mssmbios - ok
19:23:22.0354 5748 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:23:22.0354 5748 MTsensor - ok
19:23:22.0463 5748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:23:22.0479 5748 Mup - ok
19:23:22.0526 5748 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:23:22.0526 5748 napagent - ok
19:23:22.0807 5748 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files\Nero\Update\NASvc.exe
19:23:22.0807 5748 NAUpdate - ok
19:23:22.0870 5748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:23:22.0870 5748 NDIS - ok
19:23:22.0948 5748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:23:22.0979 5748 NdisTapi - ok
19:23:22.0979 5748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:23:22.0979 5748 Ndisuio - ok
19:23:23.0057 5748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:23:23.0057 5748 NdisWan - ok
19:23:23.0104 5748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:23:23.0104 5748 NDProxy - ok
19:23:23.0166 5748 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
19:23:23.0166 5748 Net Driver HPZ12 - ok
19:23:23.0182 5748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:23:23.0182 5748 NetBIOS - ok
19:23:23.0198 5748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:23:23.0198 5748 NetBT - ok
19:23:23.0291 5748 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:23:23.0307 5748 NetDDE - ok
19:23:23.0307 5748 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:23:23.0307 5748 NetDDEdsdm - ok
19:23:23.0370 5748 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:23:23.0370 5748 Netlogon - ok
19:23:23.0385 5748 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:23:23.0385 5748 Netman - ok
19:23:23.0588 5748 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:23.0604 5748 NetTcpPortSharing - ok
19:23:23.0635 5748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:23:23.0635 5748 NIC1394 - ok
19:23:23.0729 5748 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:23:23.0745 5748 Nla - ok
19:23:23.0791 5748 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\DRIVERS\npf.sys
19:23:23.0791 5748 NPF - ok
19:23:23.0807 5748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:23:23.0807 5748 Npfs - ok
19:23:23.0838 5748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:23:23.0838 5748 Ntfs - ok
19:23:23.0901 5748 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:23:23.0901 5748 NtLmSsp - ok
19:23:23.0932 5748 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:23:23.0932 5748 NtmsSvc - ok
19:23:23.0979 5748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:23:23.0979 5748 Null - ok
19:23:24.0198 5748 nv (ce34061a298bfb4ebd1a0bb8592dc977) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:23:24.0370 5748 nv - ok
19:23:24.0557 5748 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
19:23:24.0557 5748 nvata - ok
19:23:24.0604 5748 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\drivers\nvatabus.sys
19:23:24.0604 5748 nvatabus - ok
19:23:24.0713 5748 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:23:24.0713 5748 NVENETFD - ok
19:23:24.0791 5748 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:23:24.0791 5748 nvnetbus - ok
19:23:24.0823 5748 NVSvc (77ecdf9e3d43d4e86e85b73886992625) C:\WINDOWS\system32\nvsvc32.exe
19:23:24.0823 5748 NVSvc - ok
19:23:24.0870 5748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:23:24.0870 5748 NwlnkFlt - ok
19:23:24.0885 5748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:23:24.0885 5748 NwlnkFwd - ok
19:23:25.0010 5748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:23:25.0010 5748 ohci1394 - ok
19:23:25.0057 5748 ossrv (594f2968c741ca03e41e57e65f616351) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:23:25.0057 5748 ossrv - ok
19:23:25.0073 5748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:23:25.0073 5748 Parport - ok
19:23:25.0198 5748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:23:25.0198 5748 PartMgr - ok
19:23:25.0245 5748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:23:25.0245 5748 ParVdm - ok
19:23:25.0245 5748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:23:25.0245 5748 PCI - ok
19:23:25.0260 5748 PCIDump - ok
19:23:25.0291 5748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:23:25.0291 5748 PCIIde - ok
19:23:25.0463 5748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:23:25.0557 5748 Pcmcia - ok
19:23:25.0557 5748 PDCOMP - ok
19:23:25.0557 5748 PDFRAME - ok
19:23:25.0573 5748 PDRELI - ok
19:23:25.0573 5748 PDRFRAME - ok
19:23:25.0573 5748 perc2 - ok
19:23:25.0573 5748 perc2hib - ok
19:23:25.0666 5748 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:23:25.0666 5748 PlugPlay - ok
19:23:25.0745 5748 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
19:23:25.0745 5748 Pml Driver HPZ12 - ok
19:23:25.0807 5748 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:23:25.0807 5748 PolicyAgent - ok
19:23:25.0870 5748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:23:25.0870 5748 PptpMiniport - ok
19:23:25.0870 5748 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:23:25.0870 5748 ProtectedStorage - ok
19:23:25.0932 5748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:23:25.0932 5748 PSched - ok
19:23:25.0963 5748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:23:25.0963 5748 Ptilink - ok
19:23:26.0120 5748 QBCFMonitorService (f3775745cbeedc8e4690d822fe669bf5) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
19:23:26.0120 5748 QBCFMonitorService - ok
19:23:26.0198 5748 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
19:23:26.0213 5748 QBFCService - ok
19:23:26.0213 5748 ql1080 - ok
19:23:26.0213 5748 Ql10wnt - ok
19:23:26.0213 5748 ql12160 - ok
19:23:26.0213 5748 ql1240 - ok
19:23:26.0229 5748 ql1280 - ok
19:23:26.0229 5748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:23:26.0229 5748 RasAcd - ok
19:23:26.0323 5748 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:23:26.0323 5748 RasAuto - ok
19:23:26.0416 5748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:23:26.0416 5748 Rasl2tp - ok
19:23:26.0479 5748 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:23:26.0479 5748 RasMan - ok
19:23:26.0495 5748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:23:26.0495 5748 RasPppoe - ok
19:23:26.0495 5748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:23:26.0495 5748 Raspti - ok
19:23:26.0541 5748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:23:26.0557 5748 Rdbss - ok
19:23:26.0604 5748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:23:26.0604 5748 RDPCDD - ok
19:23:26.0620 5748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:23:26.0620 5748 rdpdr - ok
19:23:26.0745 5748 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:23:26.0745 5748 RDPWD - ok
19:23:26.0838 5748 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:23:26.0854 5748 RDSessMgr - ok
19:23:26.0885 5748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:23:26.0885 5748 redbook - ok
19:23:26.0932 5748 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:23:26.0932 5748 RemoteAccess - ok
19:23:26.0963 5748 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:23:26.0979 5748 RemoteRegistry - ok
19:23:27.0010 5748 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:23:27.0010 5748 RpcLocator - ok
19:23:27.0041 5748 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:23:27.0057 5748 RpcSs - ok
19:23:27.0135 5748 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:23:27.0135 5748 RSVP - ok
19:23:27.0182 5748 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:23:27.0182 5748 SamSs - ok
19:23:27.0245 5748 SASKUTIL - ok
19:23:27.0291 5748 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:23:27.0291 5748 SCardSvr - ok
19:23:27.0354 5748 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:23:27.0354 5748 Schedule - ok
19:23:27.0416 5748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:23:27.0416 5748 Secdrv - ok
19:23:27.0432 5748 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:23:27.0448 5748 seclogon - ok
19:23:27.0448 5748 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:23:27.0448 5748 SENS - ok
19:23:27.0463 5748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:23:27.0463 5748 serenum - ok
19:23:27.0479 5748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:23:27.0479 5748 Serial - ok
19:23:27.0604 5748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:23:27.0604 5748 Sfloppy - ok
19:23:27.0651 5748 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:23:27.0651 5748 ShellHWDetection - ok
19:23:27.0651 5748 Simbad - ok
19:23:27.0651 5748 Sparrow - ok
19:23:27.0682 5748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:23:27.0682 5748 splitter - ok
19:23:27.0729 5748 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:23:27.0729 5748 Spooler - ok
19:23:27.0729 5748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:23:27.0729 5748 sr - ok
19:23:27.0807 5748 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:23:27.0807 5748 srservice - ok
19:23:27.0916 5748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:23:27.0932 5748 Srv - ok
19:23:28.0057 5748 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
19:23:28.0073 5748 ssadbus - ok
19:23:28.0073 5748 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
19:23:28.0088 5748 ssadmdfl - ok
19:23:28.0104 5748 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
19:23:28.0104 5748 ssadmdm - ok
19:23:28.0151 5748 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:23:28.0151 5748 SSDPSRV - ok
19:23:28.0198 5748 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
19:23:28.0198 5748 StillCam - ok
19:23:28.0323 5748 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:23:28.0323 5748 stisvc - ok
19:23:28.0370 5748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:23:28.0370 5748 swenum - ok
19:23:28.0416 5748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:23:28.0416 5748 swmidi - ok
19:23:28.0416 5748 SwPrv - ok
19:23:28.0432 5748 symc810 - ok
19:23:28.0432 5748 symc8xx - ok
19:23:28.0432 5748 sym_hi - ok
19:23:28.0432 5748 sym_u3 - ok
19:23:28.0479 5748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:23:28.0479 5748 sysaudio - ok
19:23:28.0557 5748 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:23:28.0557 5748 SysmonLog - ok
19:23:28.0573 5748 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:23:28.0588 5748 TapiSrv - ok
19:23:28.0666 5748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:23:28.0682 5748 Tcpip - ok
19:23:28.0729 5748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:23:28.0729 5748 TDPIPE - ok
19:23:28.0745 5748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:23:28.0745 5748 TDTCP - ok
19:23:28.0745 5748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:23:28.0760 5748 TermDD - ok
19:23:28.0791 5748 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:23:28.0791 5748 TermService - ok
19:23:28.0885 5748 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:23:28.0885 5748 Themes - ok
19:23:28.0932 5748 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:23:28.0932 5748 TlntSvr - ok
19:23:28.0932 5748 TosIde - ok
19:23:28.0963 5748 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:23:28.0963 5748 TrkWks - ok
19:23:29.0026 5748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:23:29.0026 5748 Udfs - ok
19:23:29.0026 5748 ultra - ok
19:23:29.0088 5748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:23:29.0088 5748 Update - ok
19:23:29.0135 5748 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:23:29.0135 5748 upnphost - ok
19:23:29.0166 5748 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:23:29.0166 5748 UPS - ok
19:23:29.0260 5748 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:23:29.0276 5748 USBAAPL - ok
19:23:29.0370 5748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:23:29.0370 5748 usbaudio - ok
19:23:29.0479 5748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:23:29.0495 5748 usbccgp - ok
19:23:29.0510 5748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:23:29.0510 5748 usbehci - ok
19:23:29.0526 5748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:23:29.0526 5748 usbhub - ok
19:23:29.0526 5748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:23:29.0526 5748 usbohci - ok
19:23:29.0620 5748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:23:29.0635 5748 usbprint - ok
19:23:29.0713 5748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:23:29.0713 5748 usbscan - ok
19:23:29.0729 5748 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:23:29.0729 5748 usbstor - ok
19:23:29.0745 5748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:23:29.0745 5748 VgaSave - ok
19:23:29.0745 5748 ViaIde - ok
19:23:29.0838 5748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:23:29.0838 5748 VolSnap - ok
19:23:29.0901 5748 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:23:29.0901 5748 VSS - ok
19:23:29.0948 5748 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:23:29.0948 5748 W32Time - ok
19:23:29.0948 5748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:23:29.0963 5748 Wanarp - ok
19:23:29.0963 5748 WDICA - ok
19:23:30.0041 5748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:23:30.0041 5748 wdmaud - ok
19:23:30.0073 5748 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:23:30.0073 5748 WebClient - ok
19:23:30.0198 5748 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:23:30.0198 5748 winmgmt - ok
19:23:30.0260 5748 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
19:23:30.0260 5748 WMDM PMSP Service - ok
19:23:30.0338 5748 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
19:23:30.0370 5748 WmdmPmSN - ok
19:23:30.0541 5748 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:23:30.0541 5748 Wmi - ok
19:23:30.0588 5748 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:23:30.0588 5748 WmiApSrv - ok
19:23:30.0916 5748 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:23:31.0010 5748 WMPNetworkSvc - ok
19:23:31.0135 5748 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:23:31.0151 5748 WpdUsb - ok
19:23:31.0916 5748 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:23:32.0057 5748 WPFFontCache_v0400 - ok
19:23:32.0588 5748 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
19:23:32.0588 5748 WSWNA3100 - ok
19:23:32.0635 5748 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:23:32.0729 5748 wuauserv - ok
19:23:32.0901 5748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:23:32.0916 5748 WudfPf - ok
19:23:33.0088 5748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:23:33.0135 5748 WudfRd - ok
19:23:33.0323 5748 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:23:33.0354 5748 WudfSvc - ok
19:23:33.0682 5748 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:23:33.0713 5748 WZCSVC - ok
19:23:33.0901 5748 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:23:34.0166 5748 xmlprov - ok
19:23:34.0229 5748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:23:34.0260 5748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:23:34.0260 5748 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:23:34.0291 5748 Boot (0x1200) (c1f5cb2c8f6559d0b9aa855b9b6ef3d0) \Device\Harddisk0\DR0\Partition0
19:23:34.0354 5748 \Device\Harddisk0\DR0\Partition0 - ok
19:23:34.0354 5748 ============================================================
19:23:34.0354 5748 Scan finished
19:23:34.0354 5748 ============================================================
19:23:34.0354 3244 Detected object count: 1
19:23:34.0354 3244 Actual detected object count: 1
19:23:46.0057 3244 \Device\Harddisk0\DR0\# - copied to quarantine
19:23:46.0057 3244 \Device\Harddisk0\DR0 - copied to quarantine
19:23:46.0885 3244 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:23:46.0963 3244 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:23:47.0026 3244 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:23:47.0026 3244 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:23:47.0026 3244 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:23:47.0041 3244 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:23:47.0041 3244 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:23:47.0073 3244 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:23:47.0166 3244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:23:47.0166 3244 \Device\Harddisk0\DR0 - ok
19:23:47.0213 3244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:23:51.0963 4704 Deinitialize success

19:27:45.0531 2080 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
19:27:46.0031 2080 ============================================================
19:27:46.0031 2080 Current date / time: 2012/07/10 19:27:46.0031
19:27:46.0031 2080 SystemInfo:
19:27:46.0031 2080
19:27:46.0031 2080 OS Version: 5.1.2600 ServicePack: 3.0
19:27:46.0031 2080 Product type: Workstation
19:27:46.0031 2080 ComputerName: TAMEUS
19:27:46.0031 2080 UserName: user
19:27:46.0031 2080 Windows directory: C:\WINDOWS
19:27:46.0031 2080 System windows directory: C:\WINDOWS
19:27:46.0031 2080 Processor architecture: Intel x86
19:27:46.0031 2080 Number of processors: 2
19:27:46.0031 2080 Page size: 0x1000
19:27:46.0031 2080 Boot type: Normal boot
19:27:46.0031 2080 ============================================================
19:27:46.0421 2080 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:27:46.0453 2080 ============================================================
19:27:46.0453 2080 \Device\Harddisk0\DR0:
19:27:46.0453 2080 MBR partitions:
19:27:46.0453 2080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
19:27:46.0453 2080 ============================================================
19:27:46.0500 2080 C: <-> \Device\Harddisk0\DR0\Partition0
19:27:46.0500 2080 ============================================================
19:27:46.0500 2080 Initialize success
19:27:46.0500 2080 ============================================================
19:28:51.0609 0180 Deinitialize success
 
I did not hit the "Fix Shortcuts" button. Should I?

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date: 07/10/2012 21:31:29

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] xpbjxuqd.dll -- C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\Ahead\Adobe\sntgqwvip.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1715567821-1425521274-839522115-1003[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\Ahead\Adobe\sntgqwvip.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\L --> FOUND
[ZeroAccess][FILE] n : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\n --> FOUND
[ZeroAccess][FILE] @ : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721680PLA380 +++++
--- User ---
[MBR] 7481beb7bd9c404d1274cf222e068336
[BSP] ff237d623419e8fe7a97a3e3b48fc9d8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
No.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
Ran by user at 10-07-2012 21:58:09
Running from K:\
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-10 21:58 - 2012-07-10 21:58 - 00000000 ____D C:\FRST
2012-07-10 21:45 - 2012-07-10 21:45 - 00003761 ____A C:\Windows\KB2691442.log
2012-07-10 21:45 - 2012-07-10 21:45 - 00003670 ____A C:\Windows\KB2655992.log
2012-07-10 21:45 - 2012-07-10 21:45 - 00003611 ____A C:\Windows\KB2719985.log
2012-07-10 21:45 - 2012-07-10 21:45 - 00000000 ____D C:\Windows\LastGood.Tmp
2012-07-10 21:31 - 2012-07-10 21:31 - 00003883 ____A C:\Documents and Settings\user\Desktop\RKreport[1].txt
2012-07-10 19:23 - 2012-07-10 19:23 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-09 22:46 - 2012-07-09 22:46 - 00000664 ____A C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-07-09 21:51 - 2012-07-09 21:50 - 00090112 ____A C:\Windows\Minidump\Mini070912-05.dmp
2012-07-09 21:49 - 2012-07-09 21:49 - 01558016 ____A C:\Documents and Settings\user\Desktop\winlogon.exe
2012-07-09 21:43 - 2012-07-09 21:42 - 00090112 ____A C:\Windows\Minidump\Mini070912-04.dmp
2012-07-09 21:36 - 2012-07-09 21:36 - 00090112 ____A C:\Windows\Minidump\Mini070912-03.dmp
2012-07-09 21:23 - 2012-07-09 21:33 - 00003955 ____A C:\Documents and Settings\user\Desktop\aswMBR.txt
2012-07-09 21:23 - 2012-07-09 21:33 - 00000512 ____A C:\Documents and Settings\user\Desktop\MBR.dat
2012-07-09 21:03 - 2012-07-09 21:03 - 00090112 ____A C:\Windows\Minidump\Mini070912-02.dmp
2012-07-09 20:52 - 2012-07-10 21:31 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2012-07-09 19:41 - 2012-07-09 19:41 - 00023574 ____A C:\Documents and Settings\user\Desktop\attach.txt
2012-07-09 19:41 - 2012-07-09 19:41 - 00017110 ____A C:\Documents and Settings\user\Desktop\dds.txt
2012-07-09 19:11 - 2012-07-09 19:11 - 00000949 ____A C:\Documents and Settings\user\Desktop\gmerlog.log
2012-07-09 19:01 - 2012-07-09 19:02 - 00003606 ____A C:\Windows\setupapi.log
2012-07-09 18:54 - 2012-07-09 18:54 - 00090112 ____A C:\Windows\Minidump\Mini070912-01.dmp
2012-07-08 12:50 - 2012-07-08 12:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-07 17:26 - 2012-07-07 17:26 - 00000000 ____D C:\Windows\pss
2012-07-07 17:14 - 2012-07-07 17:14 - 00263094 ____A C:\Documents and Settings\user\Local Settings\Application Data\census.cache
2012-07-07 17:14 - 2012-07-07 17:14 - 00195987 ____A C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
2012-07-07 17:03 - 2012-07-07 17:03 - 00000036 ____A C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
2012-07-07 14:40 - 2012-07-07 14:40 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 14:40 - 2012-04-04 15:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-04 13:15 - 2012-07-04 13:15 - 00000115 ____A C:\Windows\wininit.ini
2012-07-04 12:56 - 2011-04-01 18:04 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120704-125617.backup
2012-07-01 14:11 - 2012-07-01 14:11 - 00000000 ___SD C:\Documents and Settings\LocalService\UserData
2012-06-28 21:21 - 2012-07-06 23:29 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2012-06-28 21:21 - 2012-07-06 23:29 - 00000000 ____D C:\Program Files\CCleaner
2012-06-25 16:05 - 2012-06-25 16:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-25 16:05 - 2012-06-25 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2012-06-24 14:24 - 2012-07-10 19:21 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-06-16 23:23 - 2012-06-16 23:23 - 00000000 ____D C:\Documents and Settings\user\ZipForm
2012-06-16 23:22 - 2012-06-16 23:22 - 00000088 ____A C:\Documents and Settings\user\.java.policy
2012-06-12 23:56 - 2012-06-12 23:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2707511$
2012-06-12 23:49 - 2012-06-12 23:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2699988$
2012-06-12 23:42 - 2012-06-12 23:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2685939$
2012-06-12 23:38 - 2012-06-12 23:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2709162$

============ 3 Months Modified Files ========================

2012-07-10 21:56 - 2007-10-16 13:22 - 00000062 __ASH C:\Documents and Settings\user\Local Settings\desktop.ini
2012-07-10 21:56 - 2007-10-16 13:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-07-10 21:56 - 2004-10-08 05:01 - 00013646 ____A C:\Windows\System32\wpa.dbl
2012-07-10 21:52 - 2007-11-08 19:46 - 00002064 ____A C:\Windows\System32\settingsbkup.sfm
2012-07-10 21:52 - 2007-11-08 19:46 - 00002064 ____A C:\Windows\System32\settings.sfm
2012-07-10 21:51 - 2007-10-16 13:21 - 00032588 ____A C:\Windows\SchedLgU.Txt
2012-07-10 21:51 - 2007-10-16 13:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-10 21:51 - 2007-10-16 13:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-07-10 21:51 - 2007-10-16 13:16 - 01078437 ____A C:\Windows\WindowsUpdate.log
2012-07-10 21:51 - 2007-10-16 05:37 - 00000216 ____A C:\Windows\wiadebug.log
2012-07-10 21:51 - 2007-10-16 05:37 - 00000049 ____A C:\Windows\wiaservc.log
2012-07-10 21:46 - 2011-06-21 19:26 - 00000232 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2012-07-10 21:45 - 2012-07-10 21:45 - 00003761 ____A C:\Windows\KB2691442.log
2012-07-10 21:45 - 2012-07-10 21:45 - 00003670 ____A C:\Windows\KB2655992.log
2012-07-10 21:45 - 2012-07-10 21:45 - 00003611 ____A C:\Windows\KB2719985.log
2012-07-10 21:31 - 2012-07-10 21:31 - 00003883 ____A C:\Documents and Settings\user\Desktop\RKreport[1].txt
2012-07-10 21:05 - 2011-12-12 20:49 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-10 20:52 - 2012-05-01 21:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-10 19:26 - 2011-12-12 20:49 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-10 19:26 - 2007-10-16 13:35 - 00198791 ____A C:\Windows\System32\nvapps.xml
2012-07-10 19:21 - 2012-06-24 14:24 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-07-09 22:46 - 2012-07-09 22:46 - 00000664 ____A C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-07-09 21:50 - 2012-07-09 21:51 - 00090112 ____A C:\Windows\Minidump\Mini070912-05.dmp
2012-07-09 21:49 - 2012-07-09 21:49 - 01558016 ____A C:\Documents and Settings\user\Desktop\winlogon.exe
2012-07-09 21:42 - 2012-07-09 21:43 - 00090112 ____A C:\Windows\Minidump\Mini070912-04.dmp
2012-07-09 21:36 - 2012-07-09 21:36 - 00090112 ____A C:\Windows\Minidump\Mini070912-03.dmp
2012-07-09 21:33 - 2012-07-09 21:23 - 00003955 ____A C:\Documents and Settings\user\Desktop\aswMBR.txt
2012-07-09 21:33 - 2012-07-09 21:23 - 00000512 ____A C:\Documents and Settings\user\Desktop\MBR.dat
2012-07-09 21:03 - 2012-07-09 21:03 - 00090112 ____A C:\Windows\Minidump\Mini070912-02.dmp
2012-07-09 19:41 - 2012-07-09 19:41 - 00023574 ____A C:\Documents and Settings\user\Desktop\attach.txt
2012-07-09 19:41 - 2012-07-09 19:41 - 00017110 ____A C:\Documents and Settings\user\Desktop\dds.txt
2012-07-09 19:11 - 2012-07-09 19:11 - 00000949 ____A C:\Documents and Settings\user\Desktop\gmerlog.log
2012-07-09 19:02 - 2012-07-09 19:01 - 00003606 ____A C:\Windows\setupapi.log
2012-07-09 18:54 - 2012-07-09 18:54 - 00090112 ____A C:\Windows\Minidump\Mini070912-01.dmp
2012-07-08 21:50 - 2007-10-16 13:22 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2012-07-08 12:51 - 2012-03-04 22:08 - 00001945 ___AC C:\Windows\epplauncher.mif
2012-07-07 17:14 - 2012-07-07 17:14 - 00263094 ____A C:\Documents and Settings\user\Local Settings\Application Data\census.cache
2012-07-07 17:14 - 2012-07-07 17:14 - 00195987 ____A C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
2012-07-07 17:03 - 2012-07-07 17:03 - 00000036 ____A C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
2012-07-07 14:40 - 2012-07-07 14:40 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 09:44 - 2011-03-15 20:44 - 00000963 ____A C:\Documents and Settings\user\Desktop\Spybot - Search & Destroy.lnk
2012-07-06 23:29 - 2012-06-28 21:21 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2012-07-04 13:15 - 2012-07-04 13:15 - 00000115 ____A C:\Windows\wininit.ini
2012-07-02 09:48 - 2011-12-17 17:29 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-06-25 11:34 - 2011-03-29 11:19 - 00029048 ____A C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2012-06-16 23:22 - 2012-06-16 23:22 - 00000088 ____A C:\Documents and Settings\user\.java.policy
2012-06-13 17:25 - 2007-10-16 05:33 - 00157952 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 23:55 - 2007-10-16 05:35 - 00551370 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 23:46 - 2008-12-07 23:04 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-05 11:37 - 2012-06-05 11:37 - 28106752 ____A C:\Documents and Settings\user\Desktop\Thomasito del Castillo - Attorney at Law (Backup Jun 05,2012 11 37 AM).QBB
2012-06-05 00:28 - 2012-06-01 19:46 - 10039296 ___RA C:\Documents and Settings\user\Desktop\Gong, Hiyama, & Del Castillo, LLP.QBW
2012-06-05 00:28 - 2012-06-01 19:46 - 00983040 ___RA C:\Documents and Settings\user\Desktop\Gong, Hiyama, & Del Castillo, LLP.QBW.TLG
2012-06-05 00:28 - 2012-06-01 19:46 - 00000378 ____A C:\Documents and Settings\user\Desktop\Gong, Hiyama, & Del Castillo, LLP.QBW.nd
2012-06-04 20:55 - 2012-06-04 20:55 - 00001542 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2012-06-04 11:32 - 2012-06-04 11:32 - 333862968 ____A C:\Documents and Settings\user\Desktop\Baby's 8 week.MOV
2012-06-02 15:19 - 2011-04-02 13:34 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
2012-06-02 15:19 - 2007-10-16 13:16 - 01933848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaueng.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00577048 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuapi.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00329240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wucltui.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00329240 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00219160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaucpl.cpl
2012-06-02 15:19 - 2007-10-16 13:16 - 00219160 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl
2012-06-02 15:19 - 2007-10-16 13:16 - 00210968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuweb.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00053784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuauclt.exe
2012-06-02 15:19 - 2007-10-16 13:16 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 15:19 - 2007-10-16 13:16 - 00035864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wups.dll
2012-06-02 15:19 - 2007-10-16 13:16 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 15:19 - 2007-07-30 19:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 15:19 - 2007-07-30 19:19 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl.mui
2012-06-02 15:19 - 2007-07-30 19:18 - 00022040 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll.mui
2012-06-02 15:19 - 2007-07-30 19:18 - 00017944 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll.mui
2012-06-02 15:19 - 2004-10-08 05:01 - 00097304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cdm.dll
2012-06-02 15:19 - 2004-10-08 05:01 - 00097304 ____A (Microsoft Corporation) C:\Windows\System32\cdm.dll
2012-06-02 15:18 - 2011-08-29 09:22 - 00275696 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll
2012-06-02 15:18 - 2011-08-29 09:22 - 00214256 ____A (Microsoft Corporation) C:\Windows\System32\muweb.dll
2012-06-02 15:18 - 2011-08-29 09:22 - 00017136 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll.mui
2012-05-31 12:25 - 2012-03-04 22:28 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-31 06:22 - 2011-09-09 02:12 - 00599040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\crypt32.dll
2012-05-31 06:22 - 2004-10-08 05:01 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-05-18 13:09 - 2012-04-15 04:33 - 01800063 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-1425521274-839522115-1003-0.dat
2012-05-18 13:09 - 2012-04-15 04:33 - 00148662 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2012-05-17 13:01 - 2012-04-14 13:02 - 00002447 ____A C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
2012-05-16 00:58 - 2010-12-20 15:15 - 00667136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-05-16 00:58 - 2004-10-08 05:01 - 00667136 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-15 06:20 - 2010-12-31 06:10 - 01863168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-05-15 06:20 - 2004-10-08 05:01 - 01863168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 06:16 - 2011-04-02 13:37 - 02148352 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-05-04 06:16 - 2004-10-08 05:01 - 02148352 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 06:12 - 2011-04-02 13:37 - 02192640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-05-04 05:32 - 2011-04-02 13:37 - 02026496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-05-04 05:32 - 2009-02-07 20:02 - 02069120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-05-04 05:32 - 2004-08-03 15:59 - 02026496 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-02 06:46 - 2011-08-16 22:01 - 00139656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
2012-05-02 06:46 - 2007-10-16 13:14 - 00139656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-01 22:50 - 2012-05-01 22:33 - 178733300 ____A C:\Documents and Settings\user\Desktop\tommy.mov
2012-05-01 21:27 - 2012-05-01 21:27 - 00418464 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-01 21:27 - 2011-06-21 20:52 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-01 21:26 - 2012-05-01 21:26 - 00000802 ____A C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
2012-04-20 12:29 - 2011-06-21 11:18 - 00037888 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 03088384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 01510400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\shdocvw.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 01025024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\browseui.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 00633344 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 00532480 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 00449536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 00251904 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 00081920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieencode.dll
2012-04-20 12:29 - 2010-12-20 15:15 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\tdc.ocx
2012-04-20 12:29 - 2004-10-08 05:01 - 03088384 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 01510400 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 01025024 ____A (Microsoft Corporation) C:\Windows\System32\browseui.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 00633344 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 00532480 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 00449536 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\ieencode.dll
2012-04-20 12:29 - 2004-10-08 05:01 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-20 12:29 - 2004-10-08 05:01 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 05:44 - 2004-10-08 05:01 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-14 19:06 - 2012-04-14 13:31 - 00002405 ____A C:\Documents and Settings\All Users\Desktop\TurboTax Business 2011.lnk
2012-04-14 13:22 - 2012-04-14 13:02 - 00000590 ____A C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc


ZeroAccess:
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\@
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\n
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\00000004.@
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\201d3dde
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\00000004.@
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\000000cb.@
C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@

ZeroAccess:
C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}
C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\@
C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\L
C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n
C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2012-07-10 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP916

RP: -> 2012-07-09 18:43 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP915

RP: -> 2012-07-09 17:50 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP914

RP: -> 2012-07-08 12:35 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP913

RP: -> 2012-07-08 12:33 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP912

RP: -> 2012-07-08 12:33 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP911

RP: -> 2012-07-08 12:06 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP910

RP: -> 2012-07-08 00:29 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP909

RP: -> 2012-07-07 09:59 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP908

RP: -> 2012-07-07 09:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP907

RP: -> 2012-07-06 23:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP906

RP: -> 2012-07-06 22:19 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP905

RP: -> 2012-07-06 18:51 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP904

RP: -> 2012-07-06 01:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP903

RP: -> 2012-07-06 00:32 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP902

RP: -> 2012-07-05 00:43 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP901

RP: -> 2012-07-04 15:35 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP900

RP: -> 2012-07-04 12:51 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP899

RP: -> 2012-07-04 01:28 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP898

RP: -> 2012-07-02 23:56 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP897

RP: -> 2012-07-02 18:37 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP896

RP: -> 2012-07-01 15:55 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP895

RP: -> 2012-07-01 15:45 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP894

RP: -> 2012-07-01 13:11 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP893

RP: -> 2012-07-01 13:01 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP892

RP: -> 2012-06-29 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP891

RP: -> 2012-06-28 20:15 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP890

RP: -> 2012-06-28 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP889

RP: -> 2012-06-27 22:23 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP888

RP: -> 2012-06-26 19:53 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP887

RP: -> 2012-06-26 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP886

RP: -> 2012-06-25 19:59 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP885

RP: -> 2012-06-25 11:17 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP884

RP: -> 2012-06-24 23:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP883

RP: -> 2012-06-24 13:47 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP882

RP: -> 2012-06-23 21:14 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP881

RP: -> 2012-06-22 23:07 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP880

RP: -> 2012-06-22 20:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP879

RP: -> 2012-06-21 00:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP878

RP: -> 2012-06-20 21:45 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP877

RP: -> 2012-06-19 23:26 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP876

RP: -> 2012-06-19 18:55 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP875

RP: -> 2012-06-18 23:33 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP874

RP: -> 2012-06-18 01:01 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP873

RP: -> 2012-06-17 20:12 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP872

RP: -> 2012-06-17 00:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP871

RP: -> 2012-06-16 17:16 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP870

RP: -> 2012-06-16 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP869

RP: -> 2012-06-15 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP868

RP: -> 2012-06-15 00:21 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP867

RP: -> 2012-06-13 23:58 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP866

RP: -> 2012-06-13 17:36 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP865

RP: -> 2012-06-12 23:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP864

RP: -> 2012-06-11 23:19 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP863

RP: -> 2012-06-11 21:05 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP862

RP: -> 2012-06-11 20:57 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP861

RP: -> 2012-06-11 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP860

RP: -> 2012-06-10 16:13 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP859

RP: -> 2012-06-10 14:12 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP858

RP: -> 2012-06-09 23:45 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP857

RP: -> 2012-06-09 22:19 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP856

RP: -> 2012-06-08 22:50 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP855


========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 2046.48 MB
Available physical RAM: 1763.96 MB
Total Pagefile: 3942.61 MB
Available Pagefile: 3873.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 2004.87 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:20.71 GB) NTFS ==>[Drive with boot components (Windows XP)]
7 Drive k: (TOSHIBA) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 32 KB
==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 75 GB Healthy System (partition with boot components)
==================================================================================
======================= End Of Log ==========================
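As an added example (not part of this thread, and not code from FRST, RogueKiller or ComboFix), the Python script below pulls file paths out of FRST-style listing lines and flags the ZeroAccess artefacts the logs above name: a GUID-named folder under `Windows\Installer` or `Local Settings\Application Data` holding `@`, `n`, `U` or `L`, eight-hex-digit `.@` payload files inside `U` or `L`, and a `Desktop.ini` sitting at the GAC root. The sample lines are constructed from paths printed on this page plus one constructed benign Installer entry; the rule names and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed sample input: two lines in the shape of FRST's
# "Created Files and Folders" listing, then bare paths as FRST prints
# them under its "ZeroAccess:" heading, then one constructed benign
# Windows Installer cache entry that must NOT be flagged.
SAMPLE_LINES = [
    r"2012-07-10 21:58 - 2012-07-10 21:58 - 00000000 ____D C:\FRST",
    r"2012-07-07 14:40 - 2012-04-04 15:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys",
    r"C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@",
    r"C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\n",
    r"C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\@",
    r"C:\Windows\assembly\GAC\Desktop.ini",
    r"C:\Windows\Installer\{A1B2C3D4-1111-2222-3333-444455556666}\setup.msi",  # constructed, benign
]

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# A GUID folder under one of the two store locations whose immediate child is
# the ZeroAccess layout: "@", "n", or "U"/"L" (optionally with an 8-hex-digit
# entry inside, with or without the ".@" extension).
ZA_STORE = re.compile(
    r"^(?P<root>.*\\(?:windows\\installer|local settings\\application data)\\" + GUID + r")"
    r"\\(?P<child>@|n|[ul](?:\\[0-9a-f]{8}(?:\.@)?)?)$",
    re.IGNORECASE,
)

# Desktop.ini placed directly in the GAC root, as flagged in the log above.
GAC_INI = re.compile(r"\\assembly\\gac\\desktop\.ini$", re.IGNORECASE)

# FRST listing line: created - modified - size attrs [(company)] path
FRST_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8,} [_A-Z]{5} (?:\([^)]*\) )?(?P<path>.+)$"
)


@dataclass
class Finding:
    path: str
    rule: str


def extract_path(line: str) -> Optional[str]:
    """Return the path from an FRST listing line or a bare path line, else None."""
    line = line.strip()
    m = FRST_LINE.match(line)
    if m:
        return m.group("path")
    if re.match(r"^[A-Za-z]:\\", line):  # bare path under a "ZeroAccess:" heading
        return line
    return None  # headings, separators, blank lines


def classify(path: str) -> Optional[str]:
    """Name the indicator a path matches, or None when it looks ordinary."""
    if ZA_STORE.match(path):
        return "zeroaccess-guid-store"
    if GAC_INI.search(path):
        return "gac-desktop-ini"
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run every line through extract_path and classify; keep the hits in order."""
    findings = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        rule = classify(path)
        if rule:
            findings.append(Finding(path, rule))
    return findings


def infected_guids(findings: List[Finding]) -> Set[str]:
    """Collapse store hits to the GUIDs involved; one GUID in both locations is one infection."""
    guids = set()
    for f in findings:
        m = re.search(GUID, f.path, re.IGNORECASE)
        if f.rule == "zeroaccess-guid-store" and m:
            guids.add(m.group(0).lower())
    return guids


if __name__ == "__main__":
    hits = scan(SAMPLE_LINES)
    for h in hits:
        print(f"{h.rule:22s} {h.path}")
    print("GUID stores:", sorted(infected_guids(hits)))
```

The point of requiring the `@`/`n`/`U`/`L` child is that a bare `C:\Windows\Installer\{GUID}` folder is normal for cached MSI packages; only the payload layout inside it is the indicator. Both stores on this page share one GUID, which `infected_guids` reports as a single entry.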
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-07-11.03 - user 07/11/2012 19:31:26.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1411 [GMT -7:00]
Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}
c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\@
c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n
c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
c:\documents and settings\user\Local Settings\Application Data\assembly\tmp
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\@
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\00000004.@
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\201d3dde
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\n
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\00000004.@
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\000000cb.@
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-11 04:58 . 2012-07-11 04:58 -------- d-----w- C:\FRST
2012-07-11 02:23 . 2012-07-11 02:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-10 05:46 . 2012-07-10 05:46 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-07-08 19:56 . 2012-06-18 10:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C783904-AB2E-4133-B750-CB4FA49057F9}\mpengine.dll
2012-07-08 19:50 . 2012-07-08 19:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-07 21:40 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 21:11 . 2012-07-01 21:11 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-06-29 04:21 . 2012-07-07 06:29 -------- d-----w- c:\program files\CCleaner
2012-06-25 23:05 . 2012-06-25 23:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-17 06:23 . 2012-06-17 06:23 -------- d-----w- c:\documents and settings\user\ZipForm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2004-10-08 12:01 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-10-08 12:01 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-10-08 12:01 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-10-16 20:16 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2007-10-16 20:16 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2007-10-16 20:16 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2011-04-02 20:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2007-10-16 20:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2007-10-16 20:16 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2007-07-31 02:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2004-10-08 12:01 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2007-10-16 20:16 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2007-10-16 20:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2011-08-29 16:22 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2011-08-29 16:22 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2011-08-29 16:22 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 19:25 . 2012-03-05 05:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2004-10-08 12:01 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2004-10-08 12:01 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2004-10-08 12:01 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2007-10-16 20:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-02 04:27 . 2012-05-02 04:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-02 04:27 . 2011-06-22 03:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-20 19:29 . 2004-10-08 12:01 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29 . 2004-10-08 12:01 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44 . 2004-10-08 12:01 369664 ----a-w- c:\windows\system32\html.iec
2012-06-25 22:55 . 2012-06-25 22:55 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-10 00:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-19 17360520]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-10 1557160]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-10-18 884840]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-12-7 4577760]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 Ext2FS;Ext2FS;c:\windows\system32\drivers\ext2fs.sys [10/1/2009 4:33 PM 37840]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [3/17/2011 7:03 PM 513408]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [12/7/2011 9:30 PM 642432]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2011 8:49 PM 136176]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [12/7/2011 9:30 PM 285152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/1/2012 9:27 PM 253600]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/18/2007 12:57 AM 17149]
S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [7/13/2001 5:29 AM 1745168]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2011 8:49 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/25/2012 4:05 PM 113120]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/25/2011 7:37 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/25/2011 7:37 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/25/2011 7:37 PM 121576]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 04:27]
.
2012-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 03:48]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 03:48]
.
2012-07-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-10 00:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?.home=ytie
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://login.secureserver.net/index.php?app=wbe&logout=1|https://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AskToolbar - c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
HKU-Default-Run-Adobe - c:\documents and settings\user\Local Settings\Application Data\Ahead\Adobe\sntgqwvip.dll
HKU-Default-Run-AskToolbar - c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
Notify-avgrsstarter - (no file)
Notify-itlntfy - (no file)
SafeBoot-MsMpSvc
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\20.0.1132.47\Installer\setup.exe
AddRemove-InfraRecorder - c:\program files\InfraRecorder\uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 19:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1324)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-11 19:52:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 02:52
.
Pre-Run: 21,942,607,872 bytes free
Post-Run: 23,240,146,944 bytes free
.
- - End Of File - - 99E03AFAD3C80991ABE456930C820C00
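As an added example for this thread (not code from ComboFix, the helper, or the poster), a small Python checker that runs over ComboFix-style log lines and flags the ZeroAccess/Sirefef drop layout visible in the log above (the GUID folder holding '@', 'n', 'U\' and 'L\' entries) and randomly named DLLs parked under per-user Application Data. The sample lines are constructed to mirror that log, and the labels and regexes are my own heuristics.

```python
import re
from typing import Dict, List, Optional, Tuple

# Windows GUID in braces, lowercase hex (lines are lowercased before matching).
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# ZeroAccess/Sirefef drop layout as it appears in the ComboFix log above: a
# GUID-named folder under c:\windows\Installer or the user's Local Settings\
# Application Data containing '@', 'n', and 'U\' / 'L\' subfolders that hold
# files named with 8 hex digits (some with a '.@' extension). The bare GUID
# folder alone is NOT flagged: Windows Installer legitimately creates those.
ZA_PATH = re.compile(
    r"\\(?:installer|local settings\\application data)\\" + GUID
    + r"\\(?:@|n|[ul]\\[0-9a-f]{8}(?:\.@)?)$"
)

# Heuristic (my own): a DLL with a random-looking, all-lowercase name of 8+
# letters parked under per-user Application Data in a vendor-looking folder
# (assembly\AskToolbar\xpbjxuqd.dll and Ahead\Adobe\sntgqwvip.dll above).
RANDOM_DLL = re.compile(
    r"\\local settings\\application data\\(?:[^\\]+\\)+[a-z]{8,}\.dll$"
)

# ComboFix 'ORPHANS REMOVED' lines for Run values: '<hive>-Run-<name> - <path>'.
ORPHAN_RUN = re.compile(r"^(?P<key>\S+-run-\S+) - (?P<path>.+)$")

# Constructed sample, modelled on the 'Other Deletions' and 'ORPHANS REMOVED'
# sections of the log posted above (benign lines included on purpose).
SAMPLE_LOG = r"""
c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\@
c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n
c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\00000004.@
c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\201d3dde
c:\windows\system32\drivers\npf.sys
.
HKCU-Run-AskToolbar - c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
HKU-Default-Run-Adobe - c:\documents and settings\user\Local Settings\Application Data\Ahead\Adobe\sntgqwvip.dll
Notify-avgrsstarter - (no file)
"""


def extract_path(line: str) -> Tuple[str, str]:
    """Split a lowercased log line into (context, path).

    context is the orphan Run key for 'ORPHANS REMOVED' lines, else 'file'.
    """
    m = ORPHAN_RUN.match(line)
    if m:
        return m.group("key"), m.group("path").strip()
    return "file", line


def classify(line: str) -> Optional[str]:
    """Return a finding label for one log line, or None if nothing matched."""
    line = line.strip().lower()
    if not line or line == ".":          # ComboFix uses '.' as a spacer
        return None
    ctx, path = extract_path(line)
    if ZA_PATH.search(path):
        return "zeroaccess-drop-layout"
    if RANDOM_DLL.search(path):
        return "random-name-dll-in-appdata"
    if ctx != "file":
        # An orphan Run value that matched nothing above still deserves a look.
        return "orphan-run-entry"
    return None


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Scan a ComboFix-style log and return (label, original line) pairs."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        label = classify(raw)
        if label:
            findings.append((label, raw.strip()))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per label."""
    counts: Dict[str, int] = {}
    for label, _ in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for label, line in scan(SAMPLE_LOG):
        print(f"{label:28s} {line}")
    print(summarize(scan(SAMPLE_LOG)))
```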
 
Looks good :)

How is computer doing?

============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 7/11/2012 9:14:53 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.50% Memory free
3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.69 Gb Free Space | 29.11% Space Free | Partition Type: NTFS
Drive K: | 3.75 Gb Total Space | 3.75 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: TAMEUS | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/11 21:14:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2011/03/17 19:03:32 | 000,513,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/03/09 01:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 01:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/08/26 18:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/07/13 15:11:42 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/05/23 21:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/05/23 21:20:41 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/05/23 21:05:45 | 000,730,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 18:32:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/13 18:30:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/12 23:55:42 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/12 23:55:41 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/12 23:55:41 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/12 23:55:40 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/12 23:55:39 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/12 23:55:39 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/12 23:55:31 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/12 23:55:30 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/12 23:55:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/12 23:55:26 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/12 23:53:10 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/12 23:45:37 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/12 11:08:19 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 11:08:16 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 11:08:15 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/11 23:19:24 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 23:19:05 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/11 23:11:08 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/11 23:10:55 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/11 23:10:51 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/11 23:10:46 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/11 23:10:33 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/11 23:10:23 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/18 18:31:14 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/18 18:31:13 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/18 18:31:12 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/18 18:31:12 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/18 18:31:12 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/18 18:31:12 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/18 18:31:12 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/18 18:31:11 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/18 18:31:11 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/18 18:31:11 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/18 18:31:11 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/28 15:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/26 18:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/04/12 12:19:50 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/04/12 12:19:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/04/12 12:19:50 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/04/12 12:19:48 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/04/12 12:19:47 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/04/12 12:19:46 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/04/12 12:19:45 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/04/12 12:19:44 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/04/12 12:19:44 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/04/12 12:19:44 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/03 12:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009/03/15 20:40:49 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/15 20:40:49 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/15 20:40:49 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/15 20:40:48 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/15 20:40:48 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/15 20:40:48 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/20 11:17:46 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/20 11:17:45 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/20 11:17:44 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/02/20 11:09:10 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/20 11:09:09 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/20 11:09:08 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/20 11:09:08 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/20 11:09:08 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/20 11:09:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/06/11 20:33:08 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/07 06:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/25 15:55:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/01 21:27:09 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/03/17 19:03:32 | 000,513,408 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/08/26 18:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/10/16 20:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/20 03:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 03:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 03:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/12/07 17:50:13 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/12/07 17:50:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/14 23:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 16:55:20 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/05/23 20:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/05/23 20:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/05/23 20:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/05/23 20:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/05/23 20:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/05/23 20:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/05/23 20:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 04:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 04:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/10 02:06:04 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/01/23 19:34:26 | 000,037,840 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\ext2fs.sys -- (Ext2FS)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/07/13 05:29:12 | 001,745,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e10kx2k.sys -- (emu10kx) Creative EMU10K1/EMU10K2 Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "https://login.secureserver.net/index.php?app=wbe&logout=1|https://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 15:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 23:36:51 | 000,000,000 | ---D | M]

[2011/01/24 17:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012/06/08 17:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions
[2012/05/20 09:50:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/07 15:44:37 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012/06/06 20:14:22 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com
[2011/03/21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\searchplugins\conduit.xml
[2012/01/16 20:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/29 09:26:09 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/17 21:19:58 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HIAQG9MZ.DEFAULT\EXTENSIONS\AJDFWFRAUG@AJDFWFRAUG.ORG.XPI
[2012/06/25 15:55:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/25 15:55:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/25 15:55:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/07/11 19:46:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301776445218 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0FA88F-EB10-4A05-98C2-551AA30E7DCA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{438FB883-A8D6-4C2F-90DC-8821C3C87A0B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3BA2CA1-666E-467E-A7FA-CC11D685D771}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\itlntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/16 13:17:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 19:29:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/11 19:29:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/11 19:29:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/11 19:29:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/11 19:29:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/11 19:28:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 21:58:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/10 19:23:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/09 20:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\RK_Quarantine
[2012/07/08 12:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/07 17:26:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/07 17:23:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2012/07/07 14:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/07 14:40:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/28 21:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/06/28 21:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/25 16:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/25 16:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/16 23:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\ZipForm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 21:16:15 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/11 21:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/11 20:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/11 20:13:33 | 000,198,791 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/07/11 20:13:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/11 20:13:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 20:13:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/11 20:12:14 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-002C1102}.rfx
[2012/07/11 20:12:14 | 000,054,692 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-002C1102}.rfx
[2012/07/11 20:12:14 | 000,054,692 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-002C1102}.rfx
[2012/07/11 20:12:14 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/07/11 20:12:14 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/07/11 19:46:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/11 03:19:36 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 03:02:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 19:21:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/09 21:49:33 | 001,558,016 | ---- | M] () -- C:\Documents and Settings\user\Desktop\winlogon.exe
[2012/07/09 21:33:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBR.dat
[2012/07/08 13:44:33 | 000,672,041 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Listing 394089.pdf
[2012/07/08 13:42:41 | 001,075,898 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Listing 394809.pdf
[2012/07/08 12:51:20 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/07 17:14:29 | 000,263,094 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2012/07/07 17:14:12 | 000,195,987 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2012/07/07 17:03:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2012/07/07 14:40:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 09:44:48 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/07 09:44:48 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Spybot - Search & Destroy.lnk
[2012/07/06 23:29:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/07/06 23:06:19 | 000,050,206 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Commissions.pdf
[2012/07/04 13:15:14 | 000,000,115 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/07/02 09:48:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/01 14:02:42 | 000,401,682 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Listing 392088.pdf
[2012/06/19 20:20:30 | 000,119,458 | ---- | M] () -- C:\Documents and Settings\user\Desktop\media_httpboingboingn_nCGtz.jpg.scaled980.jpg
[2012/06/16 23:22:12 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\user\.java.policy
[2012/06/16 21:55:01 | 000,049,725 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Bath Salts.jpg
[2012/06/12 23:55:52 | 000,481,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/12 23:55:52 | 000,079,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/11 19:29:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/11 19:29:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/11 19:29:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/11 19:29:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/11 19:29:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/11 03:00:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 21:49:27 | 001,558,016 | ---- | C] () -- C:\Documents and Settings\user\Desktop\winlogon.exe
[2012/07/09 21:23:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBR.dat
[2012/07/08 13:42:41 | 001,075,898 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Listing 394809.pdf
[2012/07/08 13:40:27 | 000,672,041 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Listing 394089.pdf
[2012/07/08 12:51:05 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/07 17:14:29 | 000,263,094 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2012/07/07 17:14:12 | 000,195,987 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2012/07/07 17:03:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2012/07/07 14:40:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/06 23:06:32 | 000,050,206 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Commissions.pdf
[2012/07/04 13:15:14 | 000,000,115 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/07/01 14:02:42 | 000,401,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Listing 392088.pdf
[2012/06/28 21:21:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/24 14:24:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/19 20:20:28 | 000,119,458 | ---- | C] () -- C:\Documents and Settings\user\Desktop\media_httpboingboingn_nCGtz.jpg.scaled980.jpg
[2012/06/16 23:22:12 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\user\.java.policy
[2012/06/16 21:55:00 | 000,049,725 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Bath Salts.jpg
[2012/04/15 04:33:19 | 001,800,063 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-1425521274-839522115-1003-0.dat
[2012/04/15 04:33:18 | 000,148,662 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/14 13:02:53 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 20:26:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/13 22:19:00 | 000,000,117 | ---- | C] () -- C:\WINDOWS\EWF435.ini
[2011/06/03 16:31:44 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/04/22 00:35:10 | 000,021,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/09 21:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/25 19:37:22 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2010/10/08 19:41:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/10/30 20:20:28 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/25 23:31:46 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2012/03/04 22:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/05/25 13:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/06/03 18:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/03/26 03:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/06/21 21:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2011/01/25 19:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/05/29 08:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2011/01/22 21:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/13 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Epson
[2011/06/30 18:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AskToolbar
[2011/12/25 20:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Epson
[2011/03/26 03:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\f-secure
[2011/06/21 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InfraRecorder
[2011/11/14 00:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2012/05/31 00:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PrimoPDF
[2012/07/11 21:16:15 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 7/11/2012 9:14:53 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.50% Memory free
3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.69 Gb Free Space | 29.11% Space Free | Partition Type: NTFS
Drive K: | 3.75 Gb Total Space | 3.75 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: TAMEUS | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{1240EECF-D5E1-4C1A-8337-B236E950D983}" = TurboTax 2010 wcasbpm
"{12BB534D-429F-401E-95BC-9ADBDDCDC1D8}" = TurboTax 2008 wcalbpm
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1CCD8F53-7D84-4388-B808-4DFC45F390BA}" = TurboTax 2008 wcasbpm
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{361AC691-EAA2-012B-AD19-000000000000}" = TurboTax 2009 wcalbpm
"{36302351-EAA2-012B-AD1E-000000000000}" = TurboTax 2009 wcasbpm
"{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset
"{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine
"{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{4D0AF541-AEB5-42C0-ADB5-09F7D6F7640F}" = TurboTax 2010 whiiper
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C555021-17BE-4C01-99D5-B7ED1ADEAF09}" = TurboTax 2010 wcalbpm
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper
"{8ECB8220-F425-4BEB-9596-97033C533702}" = QuickBooks Premier: Retail Edition 2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96976098-9527-41E4-837E-EAA1DBEADB54}" = TurboTax 2008 whiiper
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset
"{A0E21A4A-27B6-4771-950A-64F9ED59BE53}" = TurboTax 2011 wcasbpm
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C8B63671-0A2E-4C9C-8A86-B64C4CBF4561}" = TurboTax 2011 whiiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Software Downloader" = Amazon Software Downloader
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 435 Series" = EPSON WorkForce 435 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"IrfanView" = IrfanView (remove only)
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"OCCT_is1" = OCCT Perestroika 2.0.1
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Shop for HP Supplies" = Shop for HP Supplies
"SysInfo" = Creative System Information
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Business 2008" = TurboTax Business 2008
"TurboTax Business 2009" = TurboTax Business 2009
"TurboTax Business 2010" = TurboTax Business 2010
"TurboTax Business 2011" = TurboTax Business 2011
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Nero Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 11.5.0.192, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 11.5.0.192, faulting
module unknown, version 0.0.0.0, fault address 0x00222c2f.

[ QB GDS Plugi Events ]
Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
Description =

[ System Events ]
Error - 7/11/2012 1:02:49 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 6:00:33 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 7/11/2012 6:02:44 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 10:29:46 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 7/11/2012 10:45:55 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 11:13:24 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL


< End of report >
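Added example, not part of the original post and not OTL's own code: a small triage pass over the "Files Created" / "Files Modified" lines in the listing above. OTL prints one file per line as [date time | size | attrs | C/M] (company) -- path; the regex below is written from that layout, and the flag rules, the list of core Windows binary names and the SAMPLE_LOG lines (paths copied from this log) are this example's own assumptions. It flags the kind of entries a helper scans such a listing for: a file named like a core Windows process sitting outside %SystemRoot% (here the Desktop copy of winlogon.exe), a modified hosts file on a machine with search redirects, hidden files in a system directory, and executables with no company name inside a user profile.

```python
# Added example (not part of the original post or of OTL): triage pass over
# OTL "Files Created/Modified" lines. Line layout taken from the log above;
# the regex, flag rules and SAMPLE_LOG are this example's own assumptions.
import re
from pathlib import PureWindowsPath

# One OTL file line:  [date time | size | attrs | C/M] (company) -- path
# The "(company)" part is absent on the "Files Created" directory lines, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Core Windows process names that have no business living outside %SystemRoot%
# (assumed list for this example; extend as needed).
SYSTEM_BINARIES = {"winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe",
                   "services.exe", "svchost.exe", "explorer.exe", "wininit.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl"}

# Constructed sample in the same layout as the listing above (paths copied from it).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2012/07/11 19:46:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/09 21:49:33 | 001,558,016 | ---- | M] () -- C:\Documents and Settings\user\Desktop\winlogon.exe
[2012/07/09 21:33:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBR.dat
[2012/07/08 13:44:33 | 000,672,041 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Listing 394089.pdf
[2012/07/11 19:29:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/22 00:35:10 | 000,021,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/06/25 16:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
"""


def parse_line(line):
    """Return the fields of one OTL file line as a dict, or None for headers/summary lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"] or ""
    d["hidden"] = "H" in d["attrs"]
    d["is_dir"] = "D" in d["attrs"]
    return d


def flag(entry):
    """Return the reasons an entry deserves a second look (empty list if none)."""
    p = PureWindowsPath(entry["path"])
    name, parent = p.name.lower(), str(p.parent).lower()
    in_system_dir = parent in SYSTEM_DIRS
    reasons = []
    if name in SYSTEM_BINARIES and not in_system_dir:
        reasons.append("system-binary name outside %SystemRoot%")
    if name == "hosts" and parent.endswith("\\drivers\\etc"):
        reasons.append("hosts file modified")
    if entry["hidden"] and in_system_dir and not entry["is_dir"]:
        reasons.append("hidden file in a system directory")
    if (p.suffix.lower() in EXEC_EXT and not entry["company"]
            and "\\documents and settings\\" in parent):
        reasons.append("executable with no company name in a user profile")
    return reasons


def triage(text):
    """Map each flagged path to its reasons; unflagged and unparsable lines are dropped."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := flag(entry)):
            findings[entry["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

A hit is a prompt to verify, not a verdict: hash the Desktop winlogon.exe and compare it with the real one in System32 (size and signature) before assuming either way, and diff the 27-byte hosts file against the default, since at that size it holds little more than a localhost line and the redirects would have to come from elsewhere (the quarantined ZeroAccess components in the first post, or a changed DNS setting).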
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{1240EECF-D5E1-4C1A-8337-B236E950D983}" = TurboTax 2010 wcasbpm
"{12BB534D-429F-401E-95BC-9ADBDDCDC1D8}" = TurboTax 2008 wcalbpm
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1CCD8F53-7D84-4388-B808-4DFC45F390BA}" = TurboTax 2008 wcasbpm
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{361AC691-EAA2-012B-AD19-000000000000}" = TurboTax 2009 wcalbpm
"{36302351-EAA2-012B-AD1E-000000000000}" = TurboTax 2009 wcasbpm
"{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset
"{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine
"{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{4D0AF541-AEB5-42C0-ADB5-09F7D6F7640F}" = TurboTax 2010 whiiper
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C555021-17BE-4C01-99D5-B7ED1ADEAF09}" = TurboTax 2010 wcalbpm
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper
"{8ECB8220-F425-4BEB-9596-97033C533702}" = QuickBooks Premier: Retail Edition 2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96976098-9527-41E4-837E-EAA1DBEADB54}" = TurboTax 2008 whiiper
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset
"{A0E21A4A-27B6-4771-950A-64F9ED59BE53}" = TurboTax 2011 wcasbpm
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C8B63671-0A2E-4C9C-8A86-B64C4CBF4561}" = TurboTax 2011 whiiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Software Downloader" = Amazon Software Downloader
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 435 Series" = EPSON WorkForce 435 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"IrfanView" = IrfanView (remove only)
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"OCCT_is1" = OCCT Perestroika 2.0.1
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Shop for HP Supplies" = Shop for HP Supplies
"SysInfo" = Creative System Information
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Business 2008" = TurboTax Business 2008
"TurboTax Business 2009" = TurboTax Business 2009
"TurboTax Business 2010" = TurboTax Business 2010
"TurboTax Business 2011" = TurboTax Business 2011
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Nero Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 11.5.0.192, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 11.5.0.192, faulting
module unknown, version 0.0.0.0, fault address 0x00222c2f.

[ QB GDS Plugi Events ]
Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
Description =

Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
Description =

Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
Description =

Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
Description =

[ System Events ]
Error - 7/11/2012 1:02:49 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 6:00:33 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 7/11/2012 6:02:44 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 10:29:46 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 7/11/2012 10:45:55 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 11:13:24 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL


< End of report >
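Added example, not part of OTL and not something either poster wrote: a small Python triage that parses the sections of an OTL Extras log like the one above and pulls out what a responder checks first in it, namely shell-spawn handlers (exefile, scrfile, batfile and so on) that no longer point at the default command, Security Center notification/override flags or DisableSR set to 1, and Service Control Manager / Windows Update Agent error records from the "Last 20 Event Log Errors" block. The embedded excerpt is constructed in the log's format; its exefile handler and AntiVirusDisableNotify value are deliberately altered so the checks produce findings (the real log above shows the defaults for both). EXPECTED_HANDLERS, MUST_BE_ZERO and INTERESTING_EVENTS are my assumptions about what counts as default and interesting, not anything OTL defines.

```python
"""Triage checks over an OTL Extras log (added example; not part of OTL)."""
import re

# Constructed excerpt in the format of the OTL Extras log posted above. The
# exefile handler and AntiVirusDisableNotify are altered on purpose so the
# checks fire; the real log above shows the defaults for both.
SAMPLE_LOG = """\
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\\Documents and Settings\\user\\Local Settings\\Temp\\x.exe" "%1" %*
htmlfile [edit] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/11/2012 10:29:46 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
"""

# Assumed XP defaults for the file classes malware most often hijacks.
EXPECTED_HANDLERS = {("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
                     ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
                     ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S'}
# Security Center / System Restore values that should read 0 on a healthy box.
MUST_BE_ZERO = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
                "AntiVirusOverride", "FirewallOverride", "DisableSR"}
# SCM 7026 = driver failed to load, 7031/7032/7034 = service died unexpectedly,
# WUA 20 = update install failed. Which IDs matter is my choice, not OTL's.
INTERESTING_EVENTS = {("Service Control Manager", i) for i in ("7026", "7031", "7032", "7034")}
INTERESTING_EVENTS |= {("Windows Update Agent", "20")}

def split_sections(text):
    """Map each '========== Name ==========' header to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^=+ (.+?) =+$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def check_shell_spawning(lines):
    """(class, verb, command) for known handlers that no longer match the default."""
    findings = []
    for line in lines:
        m = re.match(r"^(\w+) \[(\w+)\] -- (.*)$", line)
        if m and (m.group(1), m.group(2)) in EXPECTED_HANDLERS \
                and m.group(3) != EXPECTED_HANDLERS[(m.group(1), m.group(2))]:
            findings.append((m.group(1), m.group(2), m.group(3)))
    return findings

def check_protection_flags(lines):
    """Names of Security Center / System Restore flags that are set to 1."""
    matches = (re.match(r'^"(\w+)" = (\d+)$', ln) for ln in lines)
    return [m.group(1) for m in matches
            if m and m.group(1) in MUST_BE_ZERO and m.group(2) != "0"]

def triage_events(lines):
    """(timestamp, source, id, description) for each interesting error record."""
    events, current = [], None
    for line in lines + [""]:          # the trailing "" flushes the last record
        if line.startswith("Error - "):
            fields = [f.strip() for f in line[len("Error - "):].split("|")]
            meta = dict(f.split(" = ", 1) for f in fields[1:])
            current = [fields[0], meta.get("Source"), meta.get("ID"), []]
        elif current and line.strip():
            current[3].append(line.replace("Description = ", "", 1).strip())
        elif current:                   # a blank line ends the record
            if (current[1], current[2]) in INTERESTING_EVENTS:
                events.append((current[0], current[1], current[2], " ".join(current[3])))
            current = None
    return events

def triage(text):
    s = split_sections(text)
    return {"hijacked_handlers": check_shell_spawning(s.get("Shell Spawning", [])),
            "flags_set": check_protection_flags(s.get("Security Center Settings", [])
                                                + s.get("System Restore Settings", [])),
            "events": triage_events(s.get("Last 20 Event Log Errors", []))}
```

Run triage(open("Extras.txt").read()) on a saved log to get the three lists. The output is a list of things to look at, not a verdict: a boot-start driver that fails to load, like SASKUTIL above, is often just a service entry left behind by an uninstalled tool, while a service that dies unexpectedly (7032) and an update that keeps failing to install are the kind of thing a rootkit clean-up should re-check after the fix.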
 
You didn't say:
How is the computer doing?

===========================================

If MSE is not working correctly reinstall it.

==========================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    [2012/06/06 20:14:22 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
    O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O15 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    [2012/03/04 22:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/06/30 18:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AskToolbar
    [2012/07/11 21:16:15 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Hey Broni, sorry about that. Computer is working well. Redirect appears to be resolved.

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-01-May-2012-07-16-05-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-13-Oct-2011-19-12-52-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-25-Dec-2011-22-05-00-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-17-Jul-2011-18-58-52-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-12-Nov-2011-19-13-58-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-06-Aug-2011-21-00-04-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-28-Nov-2011-17-43-10-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-16-Jan-2012-04-51-09-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-23-Sep-2011-23-55-13-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-10-Feb-2012-03-36-02-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
C:\Documents and Settings\user\Application Data\AskToolbar folder moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4014214 bytes
->Flash cache emptied: 5500 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 67731 bytes

User: user
->Temp folder emptied: 975921 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 11034349 bytes
->FireFox cache emptied: 157641246 bytes
->Google Chrome cache emptied: 185371057 bytes
->Flash cache emptied: 3882 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9241 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 343.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07112012_214546

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java(TM) 6 Update 29
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Security Essentials msseces.exe
``````````End of Log````````````

Farbar Service Scanner Version: 08-07-2012
Ran by user (administrator) on 11-07-2012 at 21:56:03
Running from "C:\Documents and Settings\user\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

ESETScan

C:\Documents and Settings\user\Desktop\RK_Quarantine\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\My Documents\Downloads\infrarecorder_34.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n.vir Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP913\A0110157.ini Win32/Sirefef.EZ trojan deleted - quarantined
C:\System Volume Information\_restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP917\A0116293.dll a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.MY trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
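A note on reading the ESET list above, with an added example that is not part of the thread or any of the tools used in it: almost every path ESET reports sits inside another tool's quarantine folder (Qoobox is ComboFix's, RK_Quarantine is RogueKiller's, TDSSKiller_Quarantine is Kaspersky's) or inside a System Restore point, so those hits are already-neutralised remnants rather than an active infection. The script below parses lines in the ESET Online Scanner format (path, detection, action, quarantine status), sorts each hit into quarantine / restore point / live, and lists the malware families seen. The sample lines are copied from the log above; the folder markers and the family-name heuristic are my own assumptions, not ESET's.

```python
import re
from collections import Counter

# Detection lines taken from the ESET Online Scanner log posted above (a subset).
SAMPLE_LOG = r"""
C:\Documents and Settings\user\Desktop\RK_Quarantine\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\My Documents\Downloads\infrarecorder_34.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n.vir Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP913\A0110157.ini Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.MY trojan cleaned by deleting - quarantined
"""

# One ESET line: <drive path> <detection ... trojan|application> <action> [- <status>]
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?Win(?:32|64)/\S+\s+(?:trojan|application))\s+"
    r"(?P<action>.+?)"
    r"(?:\s+-\s+(?P<status>\w+))?$"
)

# Assumed markers for "already contained" locations (other tools' quarantine
# folders, .vir renamed files) and for System Restore snapshots.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "_quarantine\\")
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_eset_line(line):
    """Split one ESET detection line into path / detection / action / status."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_location(path):
    """Restore point, another tool's quarantine, or a live location on disk."""
    p = path.lower()
    if RESTORE_MARKER in p:
        return "restore_point"
    if any(marker in p for marker in QUARANTINE_MARKERS) or p.endswith(".vir"):
        return "quarantine"
    return "live"


def family(detection):
    """Heuristic: 'Win32/Kryptik.AIGB' -> 'Kryptik' (drop the variant suffix)."""
    name = re.search(r"Win(?:32|64)/(\S+)", detection).group(1)
    parts = name.split(".")
    return ".".join(parts[:-1]) if len(parts) > 1 else name


def triage(log_text):
    """Count hits per location class, collect families, list live paths."""
    by_location = Counter()
    families = set()
    live = []
    for line in log_text.splitlines():
        rec = parse_eset_line(line)
        if rec is None:  # blank line or a line in another format
            continue
        loc = classify_location(rec["path"])
        by_location[loc] += 1
        families.add(family(rec["detection"]))
        if loc == "live":
            live.append(rec["path"])
    return {"by_location": dict(by_location), "families": sorted(families), "live": live}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("hits by location:", result["by_location"])
    print("families seen:   ", ", ".join(result["families"]))
    print("still live:")
    for path in result["live"]:
        print("  ", path)
```

Run against the full ESET log in the thread, the only hit outside a quarantine folder or restore point is the InfraRecorder installer in Downloads (a bundled-installer detection, not the rootkit), which is consistent with the helper's next step being to clear old restore points and remove the tool folders rather than to hunt for anything still running.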
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==============================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 