Solved Redirected from Google search results to other malicious websites

I ran the Norton Removal Tool successfully.


OTL logfile created on: 12/14/2010 5:39:06 PM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.26 Gb Total Space | 31.57 Gb Free Space | 10.88% Space Free | Partition Type: NTFS

Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 20:05:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 10:07:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/13 17:33:46 | 000,000,000 | ---D | M]

[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/12/14 16:55:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
[2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/21 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
[2010/12/14 16:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/12 11:12:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/13 17:31:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/13 17:31:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/12 21:33:50 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\tjnet
[2010/12/12 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\magicJack
[2010/12/12 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/12/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
[2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
[2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
[2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
[2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
[2010/11/17 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/17 18:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll

========== Files - Modified Within 30 Days ==========

[2010/12/14 17:37:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 17:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 17:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/14 17:31:51 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/14 17:31:51 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/14 17:29:58 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
[2010/12/14 17:29:32 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
[2010/12/12 20:36:03 | 000,050,176 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/12 20:12:10 | 000,073,449 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
[2010/12/12 19:25:39 | 000,000,937 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
[2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010/11/17 18:11:58 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/16 20:46:48 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010/12/14 17:30:32 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
[2010/12/14 17:30:31 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
[2010/12/12 20:12:09 | 000,073,449 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
[2010/12/12 19:25:39 | 000,000,937 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
[2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
[2010/11/17 18:11:58 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/16 20:46:48 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
[2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
[2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
[2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/10 18:22:01 | 000,050,176 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
[2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
[2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
[2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
[2009/06/10 19:00:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
[2010/12/14 17:35:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
[2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
[2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
[2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
[2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
[2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
[2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
[2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
[2010/12/12 19:25:40 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
[2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
[2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
[2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
[2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
[2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
[2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
[2010/12/14 17:36:13 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
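Reading an OTL file list by eye is the skill this whole thread relies on. As an added example (my code, not part of the thread, of OTL or of its author), the PowerShell below parses the `[timestamp | size | attributes | C/M] (company) -- path` lines of the "Files Created" and "Files Modified" sections and applies a few triage heuristics a reviewer applies mentally: a binary under System32 with no company name, hidden+system attributes, a DLL or driver smaller than a kilobyte, and a recently changed hosts file (relevant to a search-redirect complaint). The sample lines are copied from the log above. A flag means "look at this", not "this is malicious": sptd.sys, for instance, is DAEMON Tools' SCSI pass-through driver and is flagged only because it carries no company name.

```powershell
# Added example, not from the thread or from OTL: parse OTL file-list lines and apply
# triage heuristics. Sample lines are copied from the log above. Flags mean "review",
# not "infected".
$sampleLog = @'
[2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
[2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
'@

function ConvertFrom-OtlFileLine {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Line)
    process {
        # Format: [yyyy/MM/dd HH:mm:ss | 000,000,000 | attrs | C or M] (company) -- path
        # attrs are R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset;
        # C = created within the scan window, M = modified within the scan window.
        $pattern = '^\[(?<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?<size>[\d,]+) \| (?<attr>[-RHSD]{4}) \| (?<kind>[CM])\] \((?<company>[^)]*)\) -- (?<path>.+)$'
        if ($Line -notmatch $pattern) { return }
        [pscustomobject]@{
            Timestamp = [datetime]::ParseExact($Matches.ts, 'yyyy/MM/dd HH:mm:ss', [cultureinfo]::InvariantCulture)
            Size      = [int]($Matches.size -replace ',', '')
            Attrs     = $Matches.attr
            Kind      = if ($Matches.kind -eq 'C') { 'Created' } else { 'Modified' }
            Company   = $Matches.company.Trim()
            Path      = $Matches.path.Trim()
        }
    }
}

function Get-OtlTriageFlag {
    param([Parameter(Mandatory, ValueFromPipeline)][pscustomobject]$Entry)
    process {
        $flags = @()
        $underSystem32 = $Entry.Path -match '^[A-Za-z]:\\Windows\\System32\\'
        $isBinary      = $Entry.Path -match '\.(sys|dll|exe)$'
        if ($underSystem32 -and $isBinary -and -not $Entry.Company) { $flags += 'no company name under System32' }
        if ($Entry.Attrs -match 'H' -and $Entry.Attrs -match 'S')   { $flags += 'hidden+system attributes' }
        if ($isBinary -and $Entry.Size -lt 1024)                    { $flags += "binary of only $($Entry.Size) bytes" }
        if ($Entry.Path -match '\\drivers\\etc\\hosts$')            { $flags += 'hosts file changed: check for redirect entries' }
        if ($flags.Count -gt 0) {
            [pscustomobject]@{
                Path    = $Entry.Path
                Size    = $Entry.Size
                Attrs   = $Entry.Attrs
                Company = if ($Entry.Company) { $Entry.Company } else { '(none)' }
                Flags   = $flags -join '; '
            }
        }
    }
}

# Feed a real log with: Get-Content .\OTL.Txt | ConvertFrom-OtlFileLine | Get-OtlTriageFlag
$sampleLog -split "`r?`n" | Where-Object { $_.Trim() } | ConvertFrom-OtlFileLine | Get-OtlTriageFlag | Format-Table -AutoSize -Wrap
```

On the sample, mbam.sys passes cleanly; the hosts file gets the redirect check; tavagato.dll, fbd.sys and taishop.sys collect the hidden+system flag (the two tiny drivers also the size flag); sptd.sys and lxcrcomc.dll are flagged only for the missing company name. The heuristics deliberately over-report: the point is to narrow the list you then look up by hand, the way the helper does in the replies below.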
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 64 bytes -> C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================================

More scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
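The OTL fix above removes registry entries it could not resolve ("No CLSID value found", "File not found") and three alternate data streams. As an added example (my code, not the thread's, OTL's or its author's), the PowerShell audit below performs the same checks read-only so you can see what an orphaned entry looks like before deleting anything: which BHO (O2), per-user toolbar (O3) and ShellExecuteHook (O28) CLSIDs no longer resolve to a registered class or to an existing server DLL, which per-user ZoneMap ranges exist (the O15 line), and which files or directories under the given roots carry alternate data streams. The registry paths are the standard ones; the two scanned roots are assumptions matching the ADS locations in this log. It needs Windows PowerShell 5.1 or later, so it is meant for a current machine rather than the Vista box itself.

```powershell
#Requires -Version 5.1
# Added example, not part of the thread or of OTL: a read-only audit that performs the
# checks behind the O2/O3/O15/O28 lines and the ADS entries of the fix. It reports what
# OTL calls "No CLSID value found" and lists non-default NTFS streams; it deletes nothing.
# Assumes an elevated Windows PowerShell 5.1+ session (Get-Item -Stream needs 3.0+,
# which never shipped for Vista), so run it on a current machine.

function Test-ClsidRegistered {
    param([Parameter(Mandatory)][string]$Clsid)
    # A live COM class has a CLSID key whose InprocServer32 default value names an
    # existing DLL. No key at all is what OTL reports as "No CLSID value found".
    # On 64-bit Windows, 32-bit classes also live under SOFTWARE\Wow6432Node\Classes.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $server = (Get-ItemProperty -LiteralPath (Join-Path $key 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
        $dll = if ($server) { [Environment]::ExpandEnvironmentVariables($server.Trim('"')) } else { $null }
        return [pscustomobject]@{
            Registered   = $true
            Server       = $dll
            ServerExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        }
    }
    [pscustomobject]@{ Registered = $false; Server = $null; ServerExists = $false }
}

function Get-OrphanedShellExtension {
    # O2 BHOs are subkeys named by CLSID; O28 hooks and O3 per-user toolbars are
    # value names that are CLSIDs. Any that fails to resolve is an orphan.
    $sources = @(
        @{ Tag = 'O2  BHO';           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; SubKeys = $true }
        @{ Tag = 'O28 ShellExecHook'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks';    SubKeys = $false }
        @{ Tag = 'O3  Toolbar HKCU';  Path = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser';                 SubKeys = $false }
    )
    foreach ($s in $sources) {
        if (-not (Test-Path -LiteralPath $s.Path)) { continue }
        if ($s.SubKeys) { $names = (Get-ChildItem -LiteralPath $s.Path).PSChildName }
        else            { $names = (Get-Item -LiteralPath $s.Path).GetValueNames() }
        foreach ($clsid in @($names) -match '^\{[0-9A-Fa-f-]{36}\}$') {
            $r = Test-ClsidRegistered -Clsid $clsid
            $verdict = 'ok'
            if (-not $r.Registered)       { $verdict = 'ORPHAN: no CLSID key' }
            elseif (-not $r.ServerExists) { $verdict = 'ORPHAN: server DLL missing' }
            [pscustomobject]@{ Source = $s.Tag; Clsid = $clsid; Server = $r.Server; Verdict = $verdict }
        }
    }
}

function Get-TrustedZoneRange {
    # O15: each ZoneMap\Ranges\<name> key holds a ':Range' value (host or CIDR) and one
    # value per scheme whose data is the zone (1 = Local intranet, 2 = Trusted sites).
    $base = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges'
    if (-not (Test-Path -LiteralPath $base)) { return }
    foreach ($k in Get-ChildItem -LiteralPath $base) {
        $p = Get-ItemProperty -LiteralPath $k.PSPath
        foreach ($scheme in 'http', 'https', 'file') {
            if ($null -ne $p.$scheme) {
                [pscustomobject]@{ Name = $k.PSChildName; Range = $p.':Range'; Scheme = $scheme; Zone = $p.$scheme }
            }
        }
    }
}

function Get-AlternateDataStream {
    param([Parameter(Mandatory)][string[]]$Path)
    # Every NTFS file has the unnamed ':$DATA' stream; anything else is an ADS. OTL's
    # "C:\ProgramData\TEMP:DFC5A2B2" is a stream named DFC5A2B2 on the TEMP directory,
    # so the roots themselves are examined as well as their contents.
    $items = foreach ($p in $Path) {
        Get-Item      -LiteralPath $p -Force -ErrorAction SilentlyContinue
        Get-ChildItem -LiteralPath $p -Force -Recurse -ErrorAction SilentlyContinue
    }
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { [pscustomobject]@{ File = $item.FullName; Stream = $_.Stream; Bytes = $_.Length } }
    }
}

Get-OrphanedShellExtension | Format-Table -AutoSize
Get-TrustedZoneRange       | Format-Table -AutoSize
# The two roots are assumptions matching the ADS locations reported in this log.
Get-AlternateDataStream -Path "$env:ProgramData\TEMP", "$env:USERPROFILE\Documents" | Format-Table -AutoSize
```

An "ORPHAN: no CLSID key" result is exactly the condition behind the O2, O3 and O28 lines in the fix, and a ZoneMap range you did not add yourself is the O15 case. The script only reports; removing the entries (with OTL, or `Remove-Item`/`Remove-ItemProperty` and `Remove-Item -Stream`) stays a separate, deliberate step once you have looked at what each one is.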
 
OTL Log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.Default-PC
->Temp folder emptied: 26518362 bytes
->Temporary Internet Files folder emptied: 53192092 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 107027596 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 21254 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5776 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 178.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Default.Default-PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12152010_182026

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Security Check Log

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 8.2.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````

BitDefender QuickScan Log

QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Wed Dec 15 18:30:45 2010
Machine ID: 78135D2F



No infection found.
-------------------



Processes
---------
ConfigFree(TM) 1488 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
Firefox 1472 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 1440 C:\Program Files\Mozilla Firefox\plugin-container.exe
Microsoft® .NET Framework 976 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Microsoft® Windows Live ID 2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
Microsoft® Windows Live ID 3352 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 3236 C:\Program Files\Windows Media Player\wmpnetwk.exe
Microsoft® Windows® Operating System 2868 C:\Program Files\Windows Media Player\wmpnscfg.exe
Microsoft® Windows® Operating System 3244 C:\Windows\ehome\ehmsas.exe
Microsoft® Windows® Operating System 2856 C:\Windows\ehome\ehtray.exe
Microsoft® Windows® Operating System 1736 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 620 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 692 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 1996 C:\Windows\System32\dwm.exe
Microsoft® Windows® Operating System 736 C:\Windows\System32\lsass.exe
Microsoft® Windows® Operating System 744 C:\Windows\System32\lsm.exe
Microsoft® Windows® Operating System 724 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 1376 C:\Windows\System32\SLsvc.exe
Microsoft® Windows® Operating System 548 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 1844 C:\Windows\System32\spoolsv.exe
Microsoft® Windows® Operating System 484 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1432 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1616 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 936 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1156 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1068 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1252 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1352 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1192 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1880 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 2148 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 2280 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 124 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 828 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 1964 C:\Windows\System32\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 2604 C:\Windows\System32\wercon.exe
Microsoft® Windows® Operating System 680 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 852 C:\Windows\System32\winlogon.exe
Microsoft® Windows® Operating System 1096 C:\Windows\System32\wuauclt.exe
MobileDeviceService 944 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PnkBstrA.exe 1888 C:\Windows\System32\PnkBstrA.exe
TOSHIBA Power Saver 2184 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
Windows® Search 3520 C:\Windows\System32\SearchFilterHost.exe
Windows® Search 2388 C:\Windows\System32\SearchIndexer.exe
Windows® Search 1988 C:\Windows\System32\SearchProtocolHost.exe


Network activity
----------------
Process firefox.exe (1472) connected on port 80 (HTTP) --> 184.86.88.74
Process firefox.exe (1472) connected on port 80 (HTTP) --> 74.125.45.101
Process firefox.exe (1472) connected on port 80 (HTTP) --> 74.125.67.149
Process firefox.exe (1472) connected on port 80 (HTTP) --> 8.18.45.80
Process firefox.exe (1472) connected on port 80 (HTTP) --> 24.143.205.185
Process firefox.exe (1472) connected on port 80 (HTTP) --> 69.63.189.16
Process firefox.exe (1472) connected on port 80 (HTTP) --> 24.143.205.24
Process firefox.exe (1472) connected on port 80 (HTTP) --> 74.125.45.101
Process firefox.exe (1472) connected on port 80 (HTTP) --> 24.143.205.178
Process firefox.exe (1472) connected on port 80 (HTTP) --> 65.61.163.44
Process firefox.exe (1472) connected on port 80 (HTTP) --> 66.235.142.20
Process firefox.exe (1472) connected on port 80 (HTTP) --> 91.199.104.31

Process wininit.exe (680) listens on ports: 49152 (RPC)
Process services.exe (724) listens on ports: 49156 (RPC)
Process lsass.exe (736) listens on ports: 49155 (RPC)
Process svchost.exe (1020) listens on ports: 135 (RPC)
Process svchost.exe (1156) listens on ports: 49153 (RPC)
Process svchost.exe (1252) listens on ports: 49154 (RPC)


Autoruns and critical files
---------------------------
cdloader2 C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Java Deployment Toolkit 6.0.230.5 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
JuniperSetupClientCtrlUninstaller.exe C:\Windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\System32\ieframe.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Missing files
-------------
File not found: C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\Windows\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\Windows\system32\FastUv32.dll
--> HKLM\System\ControlSet001\services\FastUserSwitchingCompatibility\Parameters\"ServiceDll"

File not found: NDSTray.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NDSTray.exe"

File not found: system32\DRIVERS\ipinip.sys
--> HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

File not found: system32\DRIVERS\nwlnkflt.sys
--> HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

File not found: system32\DRIVERS\nwlnkfwd.sys
--> HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 8 sec
Total traffic - 0.07 MB sent, 636.10 KB recvd
Scanned 1345 files and modules - 28 seconds

==============================================================================
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses far fewer resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
On this page (FoxitReaderInstallation.png), make sure you have both boxes UN-checked AND (important!) click on the Decline button.

==================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
I still have the downloading problem where I download something and, as soon as the download is finished, the file disappears; even a file search turned up nothing.

I'm also still getting the "you need permission" error while reinstalling ESET; the same error pops up when I try to delete the folder too.

OTL Log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.Default-PC
->Temp folder emptied: 83273154 bytes
->Temporary Internet Files folder emptied: 1654663 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41812005 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1644 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6484 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 121.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default.Default-PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.17.3 log created on 12162010_164241

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
ESET didn't appear on Revo Uninstaller's list, so I did a forced uninstall by using the path to the ESET folder. It appeared to have worked, but after the restart it's still there and still won't reinstall.

I've also noticed that my entire hard drive has "read only" checked in Properties, but I can still delete other folders, just not ESET.

Also I have resolved the downloading issue by bypassing a security check done by windows on browser downloads.
OTL logfile created on: 12/17/2010 6:25:37 PM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.26 Gb Total Space | 28.93 Gb Free Space | 9.97% Space Free | Partition Type: NTFS

Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/14 16:27:24 | 015,103,424 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/21 06:42:56 | 001,957,376 | ---- | M] () -- C:\Program Files\foobar2000\foobar2000.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:24:43 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 20:05:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 16:38:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/17 18:06:54 | 000,000,000 | ---D | M]

[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/12/16 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
[2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/15 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/12/16 17:38:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/14 21:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\VS Revo Group
[2010/12/17 18:02:10 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/12/17 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/12/17 16:15:18 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/12/16 16:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/16 16:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/12/15 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
[2010/12/15 18:20:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/15 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\JavaRa
[2010/12/13 17:31:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/13 17:31:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/12 21:33:50 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\tjnet
[2010/12/12 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\magicJack
[2010/12/12 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/12/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
[2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
[2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
[2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
[2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
[2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/17 18:24:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 18:24:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 18:15:58 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/17 18:15:58 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/17 18:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/17 18:04:51 | 000,051,200 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/17 17:48:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
[2010/12/17 17:48:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
[2010/12/17 17:01:21 | 000,402,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/17 15:59:41 | 000,000,949 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/16 19:50:54 | 000,000,947 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
[2010/12/16 17:44:50 | 000,002,118 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
[2010/12/16 17:44:50 | 000,002,080 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/16 16:38:59 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/15 18:10:00 | 000,869,051 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
[2010/12/14 17:29:58 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
[2010/12/14 17:29:32 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
[2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/09 23:25:57 | 000,080,384 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
[2010/12/08 20:44:18 | 000,624,128 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
[2010/12/08 20:43:36 | 000,296,448 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
[2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/17 15:59:41 | 000,000,949 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/16 17:44:50 | 000,002,118 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
[2010/12/16 17:44:50 | 000,002,080 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/16 17:43:54 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
[2010/12/16 17:43:53 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
[2010/12/16 16:38:59 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/15 23:25:28 | 003,963,823 | ---- | C] () -- C:\Users\Default.Default-PC\Documents\Heroine - Callan, Parriss, Hayden, Earl.mp3
[2010/12/15 18:09:47 | 000,869,051 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
[2010/12/14 17:30:32 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
[2010/12/14 17:30:31 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
[2010/12/12 19:25:39 | 000,000,947 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
[2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/09 23:25:57 | 000,080,384 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
[2010/12/08 20:44:13 | 000,624,128 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
[2010/12/08 20:43:34 | 000,296,448 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
[2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
[2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
[2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
[2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
[2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/10 18:22:01 | 000,051,200 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
[2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
[2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
[2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
[2010/12/17 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
[2010/12/17 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
[2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
[2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
[2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
[2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
[2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
[2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
[2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
[2010/12/16 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
[2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
[2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
[2010/12/15 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
[2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
[2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
[2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
[2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
[2010/12/17 18:07:42 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Good job on other issues :)

and still won't reinstall
Any errors given?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/17 18:06:54 | 000,000,000 | ---D | M]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2010/12/17 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
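Added example (not OTL's own code and not the helper's script above): the fix block pasted into the Custom Scans/Fixes box is built from the scan log's own DRV lines, picked out by vendor, so the selection can be scripted and, more importantly, checked afterwards. The parser below assumes only the DRV/SRV line layout as OTL printed it in the logs above; the [emptytemp]/[Reboot] tail is my choice to match the layout used in this thread. Sample lines are copied from the Run 5 and Run 7 logs in this thread. Two things it flags are the caveats a practitioner wants: registrations whose binary is gone (catchme.sys, FastUv32.dll), and running drivers with Boot, System or Auto start, which a user-mode fix cannot stop; it can only delete the key and schedule the file for removal at reboot, which is exactly what the fix log reports for epfw, ehdrv and eamon.

```python
"""Parse the DRV/SRV lines of an OTL scan log, pick out stale or vendor-specific
service registrations, and emit the :OTL block that goes into the Custom Scans/Fixes box.
Added example for this thread; it is not OTL's own code and not the helper's script."""
from __future__ import annotations
import re
from dataclasses import dataclass

# The two shapes a DRV/SRV line takes in the logs above:
#   DRV - [stamp | size | attrs | M] (Company) [Type | Start | State] -- path -- (Name) optional text
#   DRV - File not found [Type | Start | State] -- path -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) |(?P<missing>File not found) )"
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)(?: (?P<desc>.*))?$"
)


@dataclass(frozen=True)
class Entry:
    raw: str       # the line exactly as OTL printed it; this is what a fix script needs
    kind: str      # DRV (kernel / file-system driver) or SRV (Win32 service)
    name: str      # key name under HKLM\SYSTEM\CurrentControlSet\Services
    path: str
    company: str   # "" when OTL printed () or ( )
    start: str     # Boot / System / Auto / On_Demand / Disabled
    state: str     # Running / Stopped
    missing: bool  # registration exists, binary does not


def parse_otl_entries(text: str) -> list[Entry]:
    """Every DRV/SRV line of an OTL log as an Entry; all other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m["flags"].split("|")]   # [Type,] Start, State
        entries.append(Entry(raw=line.strip(), kind=m["kind"], name=m["name"],
                             path=m["path"], company=(m["company"] or "").strip(),
                             start=flags[-2], state=flags[-1],
                             missing=m["missing"] is not None))
    return entries


def stale_registrations(entries: list[Entry]) -> list[Entry]:
    """Services still registered although the binary is gone. The registration, not the
    file, is what an uninstall or a manual deletion tends to leave behind."""
    return [e for e in entries if e.missing]


def by_company(entries: list[Entry], company: str) -> list[Entry]:
    """Entries whose company string matches, case-insensitively."""
    return [e for e in entries if e.company.lower() == company.lower()]


def cannot_stop_live(entries: list[Entry]) -> list[Entry]:
    """Running drivers with Boot/System/Auto start. A user-mode fix can delete the key and
    schedule the file for removal at reboot, but cannot stop them while they run."""
    return [e for e in entries
            if e.kind == "DRV" and e.state == "Running" and e.start in ("Boot", "System", "Auto")]


def build_otl_fix(entries: list[Entry]) -> str:
    """The fix script in the layout used in this thread: raw lines under :OTL, then commands."""
    lines = [":OTL", *(e.raw for e in entries), "", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


def still_registered(after_scan: str, names: list[str]) -> list[str]:
    """Service names that still appear in a scan taken after the fix and the reboot."""
    present = {e.name.lower() for e in parse_otl_entries(after_scan)}
    return [n for n in names if n.lower() in present]


# Sample input: lines copied from the Run 5 scan log in this thread.
SAMPLE_SCAN = r"""
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
"""

# The Quick Scan taken after the fix and reboot (Run 7 in this thread) still lists three of the four.
AFTER_FIX_SCAN = r"""
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
"""

if __name__ == "__main__":
    eset = by_company(parse_otl_entries(SAMPLE_SCAN), "ESET")
    print(build_otl_fix(eset))
    print("still registered after reboot:", still_registered(AFTER_FIX_SCAN, [e.name for e in eset]))
```

The check that matters is still_registered: feed it the Quick Scan taken after the reboot and confirm the names you put in the fix are gone. On the logs in this thread only Epfwndis (the one driver that was Stopped when the fix ran) disappears; epfw, ehdrv and eamon are still Running in Run 7, so the "scheduled to be moved on reboot" entries did not take effect and the removal is not done.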
 
I'm still getting the same "you need permission" error



OTL Fix Log
All processes killed
========== OTL ==========
Service Epfwndis stopped successfully!
Service Epfwndis deleted successfully!
File move failed. C:\Windows\System32\drivers\epfwndis.sys scheduled to be moved on reboot.
Error: Unable to stop service epfw!
Unable to delete service\driver key epfw.
File move failed. C:\Windows\System32\drivers\epfw.sys scheduled to be moved on reboot.
Error: Unable to stop service ehdrv!
Unable to delete service\driver key ehdrv.
File move failed. C:\Windows\System32\drivers\ehdrv.sys scheduled to be moved on reboot.
Error: Unable to stop service eamon!
Unable to delete service\driver key eamon.
File move failed. C:\Windows\System32\drivers\eamon.sys scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com deleted successfully.
C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components folder moved successfully.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird scheduled to be moved on reboot.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Default.Default-PC\AppData\Roaming\ESET folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 33431 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.Default-PC
->Temp folder emptied: 3099934 bytes
->Temporary Internet Files folder emptied: 803657 bytes
->Java cache emptied: 12660 bytes
->FireFox cache emptied: 25482623 bytes
->Google Chrome cache emptied: 343629044 bytes
->Flash cache emptied: 4808 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3326 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7502258 bytes

Total Files Cleaned = 363.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default.Default-PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12172010_194829

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\epfwndis.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\epfw.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\ehdrv.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\eamon.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird scheduled to be moved on reboot.

Registry entries deleted on Reboot...




OTL Quick Scan Log
OTL logfile created on: 12/17/2010 7:57:14 PM - Run 7
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.26 Gb Total Space | 30.53 Gb Free Space | 10.52% Space Free | Partition Type: NTFS

Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 20:05:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 16:38:59 | 000,000,000 | ---D | M]

[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/12/16 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
[2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/15 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/12/17 19:13:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/14 21:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\VS Revo Group
[2010/12/17 18:02:10 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/12/17 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/12/16 16:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/16 16:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/12/15 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
[2010/12/15 18:20:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/15 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\JavaRa
[2010/12/13 17:31:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/13 17:31:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/12 21:33:50 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\tjnet
[2010/12/12 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\magicJack
[2010/12/12 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/12/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
[2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
[2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
[2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
[2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
[2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll

========== Files - Modified Within 30 Days ==========

[2010/12/17 19:53:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 19:53:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 19:53:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/17 19:48:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
[2010/12/17 18:53:12 | 000,211,076 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_0256.JPG
[2010/12/17 18:15:58 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/17 18:15:58 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/17 18:04:51 | 000,051,200 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/17 17:48:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
[2010/12/17 17:01:21 | 000,402,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/17 15:59:41 | 000,000,949 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/16 19:50:54 | 000,000,947 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
[2010/12/16 17:44:50 | 000,002,118 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
[2010/12/16 17:44:50 | 000,002,080 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/16 16:38:59 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/15 18:10:00 | 000,869,051 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
[2010/12/14 17:29:58 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
[2010/12/14 17:29:32 | 000,924,816 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
[2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/09 23:25:57 | 000,080,384 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
[2010/12/08 20:44:18 | 000,624,128 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
[2010/12/08 20:43:36 | 000,296,448 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
[2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk

========== Files Created - No Company Name ==========

[2010/12/17 18:53:06 | 000,211,076 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\IMG_0256.JPG
[2010/12/17 15:59:41 | 000,000,949 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/16 17:44:50 | 000,002,118 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Google Chrome.lnk
[2010/12/16 17:44:50 | 000,002,080 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/16 17:43:54 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000UA.job
[2010/12/16 17:43:53 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3577462695-2815796255-52762183-1000Core.job
[2010/12/16 16:38:59 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/15 23:25:28 | 003,963,823 | ---- | C] () -- C:\Users\Default.Default-PC\Documents\Heroine - Callan, Parriss, Hayden, Earl.mp3
[2010/12/15 18:09:47 | 000,869,051 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\SecurityCheck.exe
[2010/12/14 17:30:32 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Tool.exe
[2010/12/14 17:30:31 | 000,924,816 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Norton_Removal_Toolv2.0+.exe
[2010/12/12 19:25:39 | 000,000,947 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\magicJack.lnk
[2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/09 23:25:57 | 000,080,384 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\MBRCheck.exe
[2010/12/08 20:44:13 | 000,624,128 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\dds.scr
[2010/12/08 20:43:34 | 000,296,448 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\6qh1o9rb.exe
[2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
[2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
[2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
[2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
[2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/10 18:22:01 | 000,051,200 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
[2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
[2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
[2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
[2010/12/17 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
[2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
[2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
[2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
[2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
[2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
[2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
[2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
[2010/12/16 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mjusbsp
[2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
[2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
[2010/12/15 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QuickScan
[2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
[2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
[2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
[2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
[2010/12/17 19:52:21 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Those ESET drivers are still there...
Let's try a stronger tool...

Please download The Avenger by Swandog46 to your Desktop.
- Right click on the Avenger.zip folder and select Extract All...
- Follow the prompts and extract the avenger folder to your desktop

Double click on avenger.exe.
Click OK in pop-up window.

The Avenger window will open.

Click on Execute button.
Click OK in two consecutive pop-up windows.

Your computer will re-boot now.

Upon re-boot, a Notepad window will open.
Select all text, copy it, and paste it into your next reply.

NOTE. If the log doesn't open on reboot, open Avenger again and go to File > Open Log File.
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
 
1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Begin copying here:
Drivers to disable:
C:\Windows\System32\drivers\epfw.sys
C:\Windows\System32\drivers\ehdrv.sys
C:\Windows\System32\drivers\eamon.sys

Drivers to delete:
C:\Windows\System32\drivers\epfw.sys
C:\Windows\System32\drivers\ehdrv.sys
C:\Windows\System32\drivers\eamon.sys


Files to delete:
C:\Windows\System32\drivers\epfw.sys
C:\Windows\System32\drivers\ehdrv.sys
C:\Windows\System32\drivers\eamon.sys


2. Now, open the Avenger folder and start The Avenger program by clicking on its icon.

* Right click on the window under Input script here: and select Paste.
* You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
* Click on Execute
* Answer "Yes" twice when prompted.


3. The Avenger will automatically do the following:

* It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop; this is normal.
* After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "C:\Windows\System32\drivers\epfw.sys"
Disablement of driver "C:\Windows\System32\drivers\epfw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "C:\Windows\System32\drivers\ehdrv.sys"
Disablement of driver "C:\Windows\System32\drivers\ehdrv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "C:\Windows\System32\drivers\eamon.sys"
Disablement of driver "C:\Windows\System32\drivers\eamon.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\epfw.sys" not found!
Deletion of driver "C:\Windows\System32\drivers\epfw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\ehdrv.sys" not found!
Deletion of driver "C:\Windows\System32\drivers\ehdrv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\eamon.sys" not found!
Deletion of driver "C:\Windows\System32\drivers\eamon.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\System32\drivers\epfw.sys" deleted successfully.
File "C:\Windows\System32\drivers\ehdrv.sys" deleted successfully.
File "C:\Windows\System32\drivers\eamon.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
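As an added example (not from the thread, and not part of The Avenger itself): a small Python parser for the log format pasted above. It pairs each "failed!" line with the Status line that follows it, records which file deletions succeeded, and flags the pattern visible in this log, where the "Drivers to" entries were given file paths, so the service-key lookup under ...\Services\ failed while the plain file deletions went through. The sample log is a constructed excerpt in the same layout.

```python
import re

# Constructed excerpt in the layout of the Avenger 2.0 log pasted above (one failing
# "Drivers to" entry and two "Files to delete" results), so the parser runs offline.
SAMPLE_LOG = r"""
Error: could not open driver "C:\Windows\System32\drivers\epfw.sys"
Disablement of driver "C:\Windows\System32\drivers\epfw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\C:\Windows\System32\drivers\epfw.sys" not found!
Deletion of driver "C:\Windows\System32\drivers\epfw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\System32\drivers\epfw.sys" deleted successfully.
File "C:\Windows\System32\drivers\ehdrv.sys" deleted successfully.
"""

FAILED_RE = re.compile(r'^(Disablement|Deletion) of driver "([^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')
DELETED_RE = re.compile(r'^File "([^"]+)" deleted successfully\.$')


def parse_avenger_log(text):
    """Map each target to {action: 'ok' | NTSTATUS symbolic name}.

    Actions: 'disable' and 'delete_driver' (service entry, from the "Drivers to"
    sections) and 'delete_file'. A "failed!" line is paired with the Status line
    that follows it, so the reason for each failure is kept, not just the fact.
    """
    results = {}
    pending = None  # (target, action) whose Status line has not been seen yet
    for line in text.splitlines():
        line = line.strip()
        if m := FAILED_RE.match(line):
            pending = (m.group(2), 'disable' if m.group(1) == 'Disablement' else 'delete_driver')
        elif (m := STATUS_RE.match(line)) and pending:
            results.setdefault(pending[0], {})[pending[1]] = m.group(2)
            pending = None
        elif m := DELETED_RE.match(line):
            results.setdefault(m.group(1), {})['delete_file'] = 'ok'
    return results


def service_lookup_used_path(text):
    """True when a 'registry key ... not found' line shows the Services key name
    ending in a full drive path, i.e. the script supplied a file path where the
    "Drivers to" sections expect a service name (the failure mode in the log above)."""
    return re.search(r'Services\\[A-Za-z]:\\', text) is not None
```

Running `parse_avenger_log` over a real c:\avenger.txt gives a per-target view of what was actually disabled, unregistered or removed, which is the check worth doing before declaring the cleanup finished.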
 